Abstract

How to extract negative information from programs is an important issue in logic programming. Here we address the problem for functional logic programs, from a proof-theoretic perspective. The starting point of our work is CRWL (Constructor based ReWriting Logic), a well established theoretical framework for functional logic programming, whose fundamental notion is that of non-strict non-deterministic function. We present a proof calculus, CRWLF, which is able to deduce negative information from CRWL-programs. In particular, CRWLF is able to prove 'finite' failure of reduction within CRWL.
1 Introduction

We address in this paper the problem of extracting negative information from functional logic programs. The question of negation is a main topic of research in the logic programming field, and the most common approach is negation as failure (Clark 1978), as an easy effective approximation to the CWA (closed world assumption), which is a simple, but uncomputable, way of deducing negative information from positive programs (see e.g. Apt and Bol (1994) for a survey on negation in logic programming).

On the other hand, functional logic programming (FLP for short) is a powerful programming paradigm trying to combine the nicest properties of functional and logic programming (see Hanus (1994) for a now 'classical' survey on FLP). A mainstream in current FLP research considers languages which are biased to the functional programming style, in the sense that programs define functions, but having logic programming capabilities because their operational mechanisms are based on narrowing. Some existing systems of this kind are TOy (López and Sánchez 1999a; Abengózar et al. 2002) or the various implementations of Curry (Hanus 2000). In the rest of the paper we have in mind such an approach when we refer to FLP.

FLP subsumes pure logic programming: predicates can be defined as functions returning the value 'true', for which definite clauses can be written as conditional rewrite rules. In some simple cases it is enough, to handle negation, just to define predicates as two-valued boolean functions returning the values 'true' or 'false'. But negation as failure is far more expressive, as we see in the next section, and it is then of clear interest to investigate a similar notion for the case of FLP. Failure in logic programs, when seen as functional logic programs, corresponds to failure of reduction to 'true'. This generalizes to a natural notion of failure in FLP, which is 'failure of reduction to (partial) data constructor value', or in other terms, 'failure of reduction to head normal form' (hnf for short).

As technical setting for our work we have chosen CRWL (González et al. 1996; González et al. 1999), a well established theoretical framework for FLP. The fundamental notion in CRWL is that of non-strict non-deterministic function, for which CRWL provides a firm logical basis. Instead of equational logic, which is argued to be unsuitable for FLP in González et al. (1999), CRWL considers a Constructor based ReWriting Logic, presented by means of a proof calculus, which determines what statements can be deduced from a given program. In addition to the proof-theoretic semantics, (González et al. 1996; González et al. 1999) develop a model theoretic semantics for CRWL, with existence of distinguished free term models for programs, and a sound and complete lazy narrowing calculus as operational semantics. The interest of CRWL as a theoretical framework for FLP has been mentioned in Hanus (2000), and is further evidenced by its many extensions incorporating relevant aspects of declarative programming like HO features (González et al. 1997), polymorphic and algebraic types (Arenas and Rodríguez 2001), or constraints (Arenas et al. 1999). The framework, with many of these extensions (like types, HO and constraints), has been implemented in the system TOy.

Here we are interested in extending the proof-theoretic side of CRWL to cope with 
failure. More concretely, we look for a proof calculus, which will be called CRWLF 
('CRWL with failure'), which is able to prove failure of reduction in CRWL. Since 
reduction in CRWL is expressed by proving certain statements, our calculus will 
provide proofs of unprovability within CRWL. As for the case of CWA, unprovability 
is not computable, which means that our calculus can only give an approximation, 
corresponding to cases which can be intuitively described as 'finite failures'. 

There are very few works about negation in FLP. In Moreno (1994) the work of Stuckey about constructive negation (Stuckey 1991; Stuckey 1995) is adapted to the case of FLP with strict functions and innermost narrowing as operational mechanism. In Moreno (1996) a similar work is done for the case of non-strict functions and lazy narrowing. The approach is very different from the proof-theoretic view of our work. The fact that we also consider non-deterministic functions makes a significant difference.

The proof-theoretic approach, although not very common, has been followed sometimes in the logic programming field, as in Jäger and Stärk (1998), which develops for logic programs (with negation) a framework which resembles, in a very general sense, CRWL: a program determines a deductive system for which deducibility, validity in a class of models, validity in a distinguished model and derivability by an operational calculus are all equivalent. Our work attempts to be the first step of what could be a similar programme for FLP extended with the use of failure when writing programs.

The rest of the paper is organized as follows. In Section 2 we discuss the interest of using failure as a programming construct in the context of FLP. In Section 3 we give the essentials of CRWL which are needed for our work. Section 3 presents the CRWLF-calculus, preceded by some illustrative examples. Sections 4, 5 and 6 constitute the technical core of the paper, presenting the properties of CRWLF and its relation to CRWL. Finally, Section 7 outlines some conclusions and possible future work.



2 The Interest of Failure in FLP 

Although this work is devoted only to the theoretical aspects of failure in FLP, in this section we argue for some possible applications of this resource from the point of view of writing functional logic programs.

FLP combines some of the main capabilities of the two main streams of declarative programming: functional programming (FP) and logic programming (LP). Theoretical aspects of FLP are well established (see e.g. González et al. (1999)) and there are also practical implementations such as Curry or TOy. Disregarding syntax, both pure Prolog and (a wide subset of) Haskell are subsumed by those systems. The usual claim is then that by the use of an FLP system one can choose the style of programming better suited to each occasion.

However, there are features related to failure, mainly in LP (but also in FP), not yet available in FLP systems. This poses some problems to FLP: if a logic program uses negation (a very common situation), it cannot be seen as an FLP program. This is not a very serious inconvenience if other features of FLP could easily replace the use of failure. But if the FLP solution (without failure) to a problem is significantly more complex than, say, an LP solution making use of failure, then it is not worth using FLP for that problem, thus contradicting in practice the claim that FLP can successfully replace LP and FP.

We now give concrete examples of the potential use of a construction to express failure in FLP programs. We assume for the examples below that we incorporate to FLP the following function to express failure of an expression:

$$fails(e) ::= \begin{cases} true & \text{if } e \text{ fails to be reduced to hnf} \\ false & \text{otherwise} \end{cases}$$

The sensible notion to consider is failure of reduction to head normal form¹, since head normal forms (i.e., variables or expressions c(...), where c is a constructor symbol) are the expressions representing, without the need of further reduction, defined (maybe partial) values.

¹ To be technically more precise, we should speak of 'failure of reduction to head normal form with respect to the CRWL-calculus', to be recalled in Section 3.
Example 1 (Failure to express negation in LP)

The most widespread approach to negation in the LP paradigm is negation as failure (Clark 1978), of which all PROLOG systems provide an implementation. Typically, in a logic program one writes clauses defining the positive cases for a predicate, and the effect of using negation is to 'complete' the definition with the negative cases, which correspond to failure of the given clauses.

For example, in LP the predicate member can be defined as:

member(X, [X|Ys]).
member(X, [Y|Ys]) :- member(X, Ys).

This defines member(X, L) as a semidecision procedure to check if X is an element of L. If one needs to check that X is not an element of L, then negation can be used, as in the clause

add(X, L, [X|L]) :- not member(X, L).

Predicates like member can be defined in FLP as true-valued functions, converting clauses into conditional rules returning true:

member(X, [Y|Ys]) → true ⇐ X ⋈ Y
member(X, [Y|Ys]) → true ⇐ member(X, Ys) ⋈ true

To achieve linearity (i.e., no variable repetition) of heads, a usual requirement in FLP, the condition X ⋈ Y is used in the first rule. The symbol ⋈ (taken from (González et al. 1996; González et al. 1999)) is used throughout the paper to express 'joinability', which means that both sides can be reduced to the same data value (for the purpose of this example, ⋈ can be read simply as strict equality).

What cannot be directly translated into FLP (without failure) is a clause like that of add, but with failure it is immediate:

add(X, L, [X'|L']) → true ⇐ fails(member(X, L)) ⋈ true, X' ⋈ X, L' ⋈ L

In general, any literal of the form not Goal in a logic program can be replaced by fails(Goal) ⋈ true in its FLP-translation.

This serves to argue that FLP with failure subsumes LP with negation, but of course this concrete example corresponds to the category of 'dispensable' uses of failure, because there is a natural failure-free FLP counterpart to the predicate member in the form of a two-valued boolean function, where the failure is expressed by the value false. The following could be such a definition of member:

member(X, []) → false
member(X, [Y|Ys]) → true ⇐ X ⋈ Y
member(X, [Y|Ys]) → member(X, Ys) ⇐ X ◇ Y

The symbol ◇ (corresponding to the disequality ≠ of (López and Sánchez 1999a; López and Sánchez 1999b)) expresses 'divergence', meaning that both sides can be reduced to some extent as to detect inconsistency, i.e., a conflict of constructors at the same position (outside function applications). Now add can be easily defined without using failure:

add(X, L, [X'|L']) → true ⇐ member(X, L) ⋈ false, X' ⋈ X, L' ⋈ L

The next examples show situations where the use of negation is more 'essential', 
in the sense that it is the natural way (at least a very natural way) of doing things. 

Example 2 (Failure in search problems I)

Non-deterministic constructs are a useful way of programming problems involving search. In FLP one can choose to use predicates, as in LP, or non-deterministic functions. In these cases, the use of failure can greatly simplify the task of programming. We see an example with non-deterministic functions, a quite specific FLP feature which is known to be useful for programming (Abengózar et al. 2002; Hanus 2000; Antoy 1997) in systems like Curry or TOy.

Consider the problem of deciding, for acyclic directed graphs, if there is a path connecting two nodes. A graph can be represented by a non-deterministic function next, with rules of the form next(N) → N', indicating that there is an arc from N to N'. A concrete graph with nodes a, b, c and d could be given by the rules:

next(a) → b
next(a) → c
next(b) → c
next(b) → d

and to determine if there is a path from X to Y we can define:

path(X, Y) → true ⇐ X ⋈ Y
path(X, Y) → true ⇐ X ◇ Y, path(next(X), Y) ⋈ true

Notice that path behaves as a semidecision procedure recognizing only the positive cases, and there is no clear way (in 'classical' FLP) of completing its definition with the negative ones, unless we change from scratch the representation of graphs. Therefore we cannot, for instance, program in a direct way a property like

safe(X) ::= X is not connected with d

Using failure this is an easy task:

safe(X) → fails(path(X, d))

With this definition, safe(c) becomes true, while safe(a), safe(b) and safe(d) are all false.
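To make the set-valued reading of Examples 1 and 2 concrete, here is an added Python illustration (not code from the paper or from any FLP system). Each non-deterministic function returns the frozenset of all values it can be reduced to, so fails(e) is simply "the value set of e is empty". The member/add rules of Example 1 and the next/path/safe rules of Example 2 are transcribed into that form; joinability X ⋈ Y on data values is taken as plain equality, and the graph is the constructed one from the text (a→b, a→c, b→c, b→d), which must be acyclic for path to terminate.

```python
from typing import Any, Dict, FrozenSet, Tuple

Values = FrozenSet[Any]          # all values an expression can be reduced to
DataList = Tuple[Any, ...]       # data lists as immutable tuples


def fails(values: Values) -> bool:
    """fails(e): true iff e has no value (its value set is empty)."""
    return len(values) == 0


# ---- Example 1: member as a true-valued function, then add via fails ----

def member(x: Any, xs: DataList) -> Values:
    """member(X,[Y|Ys]) -> true <= X == Y
       member(X,[Y|Ys]) -> true <= member(X,Ys) == true
       No rule matches [], so member(X,[]) fails (empty set)."""
    if not xs:
        return frozenset()
    y, ys = xs[0], xs[1:]
    results = set()
    if x == y:                          # first rule: X joinable with Y
        results.add(True)
    if True in member(x, ys):           # second rule: recursive condition
        results.add(True)
    return frozenset(results)


def add(x: Any, xs: DataList) -> Values:
    """add(X,L,[X'|L']) -> true <= fails(member(X,L)) == true, X' == X, L' == L
       The third argument of the LP predicate is returned as the value."""
    if fails(member(x, xs)):
        return frozenset({(x,) + xs})
    return frozenset()


# ---- Example 2: a graph as the non-deterministic function next ----

# Constructed graph from the text: next(a)->b, next(a)->c, next(b)->c, next(b)->d
NEXT: Dict[str, FrozenSet[str]] = {"a": frozenset({"b", "c"}),
                                   "b": frozenset({"c", "d"})}


def next_node(n: str) -> FrozenSet[str]:
    """next(N) -> N' for every arc N -> N'; fails for nodes without arcs."""
    return NEXT.get(n, frozenset())


def path(x: str, y: str) -> Values:
    """path(X,Y) -> true <= X == Y
       path(X,Y) -> true <= X <> Y, path(next(X),Y) == true
       Each value of next(X) is tried separately (call-time choice)."""
    if x == y:
        return frozenset({True})
    results = set()
    for n in next_node(x):
        if True in path(n, y):
            results.add(True)
    return frozenset(results)


def safe(x: str) -> bool:
    """safe(X) -> fails(path(X,d))"""
    return fails(path(x, "d"))
```

With this encoding safe("c") is True and safe("a"), safe("b"), safe("d") are False, as the text states; the only place negation enters is the emptiness test in fails.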

Example 3 (Failure in search problems II)

We examine now an example mentioned in Apt (2000) as one striking illustration of the power of failure as an expressive resource in LP. We want to program a two-person finite game where the players must perform alternate legal moves, until one of them, the loser, cannot move.

We assume that legal moves from a given state are programmed by a non-deterministic function move(State) returning the new state after the movement. Using failure it is easy to program a function to perform a winning movement from a given position, if there is one:

winMove(State) → State' ⇐ State' ⋈ move(State), fails(winMove(State')) ⋈ true

We think it would be difficult to find a simpler coding without using failure.

As a concrete example we consider the well-known game Nim, where there are some rows of sticks, and each player in his turn must pick up one or more sticks from one of the rows. A player loses when he cannot make a movement, that is, when there are no more sticks because the other player (the winner) has picked up the last one. Nim states can be defined by a list of natural numbers (represented by z and s(_) as usual), and the non-deterministic function move can be programmed as:

move([N|Ns]) → [pick(N)|Ns]
move([N|Ns]) → [N|move(Ns)]

pick(s(N)) → N
pick(s(N)) → pick(N)

A winning move from the state [s(s(z)), s(z)] can be obtained by reducing the expression winMove([s(s(z)), s(z)]). The proof calculus presented in Sect. 3.2 can prove that it can be reduced to [s(z), s(z)], and it is easy to check that this move guarantees the victory.
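The Nim program above, transcribed as an added Python illustration (not the paper's code) in the same set-valued style: a row of s^n(z) sticks is the integer n, a state is a tuple of rows, each rule contributes its results to a frozenset, and fails is emptiness of that set. The memoisation is an implementation choice, not part of the text's definition.

```python
from functools import lru_cache
from typing import FrozenSet, Tuple

State = Tuple[int, ...]   # Nim state: one natural number (sticks) per row


def fails(values: FrozenSet) -> bool:
    """fails(e): true iff e has no value."""
    return len(values) == 0


def pick(n: int) -> FrozenSet[int]:
    """pick(s(N)) -> N ; pick(s(N)) -> pick(N)
       Removes one or more sticks from a row of n; no rule matches z, so
       pick(0) fails (empty set)."""
    return frozenset(range(n))


def move(state: State) -> FrozenSet[State]:
    """move([N|Ns]) -> [pick(N)|Ns] ; move([N|Ns]) -> [N|move(Ns)]
       No rule matches [], so move(()) fails; a state with no sticks at all
       also fails because every pick(0) fails."""
    if not state:
        return frozenset()
    n, ns = state[0], state[1:]
    results = {(k,) + ns for k in pick(n)}
    results |= {(n,) + rest for rest in move(ns)}
    return frozenset(results)


@lru_cache(maxsize=None)
def win_move(state: State) -> FrozenSet[State]:
    """winMove(State) -> State' <= State' == move(State),
                                    fails(winMove(State')) == true
       A move is winning iff the opponent has no winning move from the
       resulting state; memoised because the same states recur."""
    return frozenset(s for s in move(state) if fails(win_move(s)))
```

For the state [s(s(z)), s(z)], i.e. (2, 1), the only winning move computed is (1, 1), which is the reduction the text announces; from (1, 1) itself win_move is empty, so whoever must move there loses.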

Example 4 (Failure to express default rules)

Compared to the case of LP, failure is not such an important programming construct in FP. There is still one practical feature of existing FP languages somehow related to failure, which is the possibility of defining functions with default rules. In many FP systems pattern matching determines the applicable rule for a function call, and as rules are tried from top to bottom, default rules are implicit in the definitions. In fact, the (n+1)-th rule in a definition is only applied if the first n rules are not applicable. For example, assume the following definition for the function f:

f(0) → 0
f(X) → 1

The evaluation of the expression f(0) in a functional language like Haskell (Peyton Jones and Hughes 1999) will produce the value 0 by the first rule. The second rule is not used for evaluating f(0), even if pattern matching would succeed if the rule were considered in isolation. This sequential treatment of rules is useful in some cases, especially for writing 'last' rules covering default cases whose direct formulation with pattern matching could be complicated. But observe that in systems allowing such sequential trials of pattern matching, rules do not have a declarative meaning by themselves; their interpretation depends also on the previous rules.

This contrasts with functional logic languages, which try to preserve the declarative reading of each rule. In such systems the expression f(0) of the example above is reducible, by applying in a non-deterministic way any of the rules, to the values 0 and 1.

To achieve (and generalize) the effect of default rules in FLP, an explicit syntactical construction 'default' can be introduced, as has been done in (Moreno 1994). The function f could be defined as:

f(0) → 0
default f(X) → 1

The intuitive operational meaning is: to reduce a call to f, proceed with the first rule for f; if the reduction fails then try the default rule.

The problem now is how to achieve this behavior while preserving the equational reading of each rule. Using conditional rewrite rules and our function fails(_), we can transform the definition of a function to eliminate default rules. In the general case we can consider conditional rewrite rules for the original definition. Let h be a function defined as:

$$\begin{array}{l} h(t_1) \to e_1 \Leftarrow C_1 \\ \ldots \\ h(t_n) \to e_n \Leftarrow C_n \\ default\ h(t_{n+1}) \to e_{n+1} \Leftarrow C_{n+1} \end{array}$$

The idea of the transformation is to consider a new function h' defined by the first n rules of h. The original h will be defined as h' if it succeeds and as the default rule if h' fails:

$$\begin{array}{l} h(X) \to h'(X) \\ h(X) \to e_{n+1} \Leftarrow fails(h'(X)) \bowtie true,\ C_{n+1} \\ h'(t_1) \to e_1 \Leftarrow C_1 \\ \ldots \\ h'(t_n) \to e_n \Leftarrow C_n \end{array}$$

Applying this transformation to our function example f, we obtain:

f(X) → f'(X)
f(X) → 1 ⇐ fails(f'(X)) ⋈ true
f'(0) → 0

With this definition we have got the expected behavior for f without losing the declarative reading of rules.

As another example, we can use a default rule to complete the definition of the function path in Example 2 above:

path(X, Y) → true ⇐ X ⋈ Y
path(X, Y) → true ⇐ X ◇ Y, path(next(X), Y) ⋈ true
default path(X, Y) → false

The function safe can now be written as:

safe(X) → neg(path(X, d))

where neg is the boolean function

neg(true) → false
neg(false) → true

Notice that in this example the (implicit) condition for applying the default rule of path is far more complex than a merely syntactical default case expressing failure of pattern matching, a feature recently discussed in (Curry mailing list 2000) as useful for FLP. Of course, default rules in the sense of (Moreno 1994) and of this paper also cover such syntactical cases.
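The h / h' transformation of Example 4 as an added Python illustration (not the paper's code): `with_default` is a combinator that builds h from h' and the default body exactly as the two rules h(X) → h'(X) and h(X) → e_{n+1} ⇐ fails(h'(X)) ⋈ true, C_{n+1} prescribe, where the default body is itself a set-valued function so that a failing C_{n+1} still yields failure. It is applied both to f/f' and to the path/neg/safe definition above; the graph is the constructed one of Example 2, and joinability on data is plain equality.

```python
from typing import Any, Callable, Dict, FrozenSet

Values = FrozenSet[Any]


def fails(values: Values) -> bool:
    """fails(e): true iff e has no value."""
    return len(values) == 0


def with_default(h_prime: Callable[..., Values],
                 default: Callable[..., Values]) -> Callable[..., Values]:
    """The h / h' transformation as a combinator:
         h(X) -> h'(X)
         h(X) -> e_{n+1} <= fails(h'(X)) == true, C_{n+1}
       h' holds the first n rules; `default` computes the default body and
       returns the empty set itself when its own condition C_{n+1} fails."""
    def h(*args: Any) -> Values:
        primary = h_prime(*args)
        return default(*args) if fails(primary) else primary
    return h


# f(0) -> 0 ; default f(X) -> 1   becomes   f'(0) -> 0 plus the combinator
def f_prime(x: int) -> Values:
    return frozenset({0}) if x == 0 else frozenset()


f = with_default(f_prime, lambda x: frozenset({1}))


# path with "default path(X,Y) -> false", over the constructed graph of Example 2
NEXT: Dict[str, FrozenSet[str]] = {"a": frozenset({"b", "c"}),
                                   "b": frozenset({"c", "d"})}


def path_prime(x: str, y: str) -> Values:
    """path'(X,Y) -> true <= X == Y
       path'(X,Y) -> true <= X <> Y, path(next(X),Y) == true
       The recursive call goes through the completed path, which never fails."""
    if x == y:
        return frozenset({True})
    results = set()
    for n in NEXT.get(x, frozenset()):
        if True in path(n, y):
            results.add(True)
    return frozenset(results)


path = with_default(path_prime, lambda x, y: frozenset({False}))


def neg(b: bool) -> bool:
    """neg(true) -> false ; neg(false) -> true"""
    return not b


def safe(x: str) -> Values:
    """safe(X) -> neg(path(X,d))"""
    return frozenset(neg(b) for b in path(x, "d"))
```

Because the default is only consulted when h' has no value, f(0) yields {0} and not {0, 1}, and path("c", "d") yields {False} instead of failing, which is what makes safe definable through neg rather than through fails.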

3 The CRWL Framework

We give here a short summary of (a slight variant of) CRWL, in its proof-theoretic face. Model theoretic semantics and lazy narrowing operational semantics are not considered here. Full details can be found in (González et al. 1999; López and Sánchez 1999b).

3.1 Technical Preliminaries

We assume a signature $\Sigma = DC_\Sigma \cup FS_\Sigma$ where $DC_\Sigma = \bigcup_{n \in \mathbb{N}} DC^n_\Sigma$ is a set of constructor symbols and $FS_\Sigma = \bigcup_{n \in \mathbb{N}} FS^n_\Sigma$ is a set of function symbols, all of them with associated arity and such that $DC_\Sigma \cap FS_\Sigma = \emptyset$. We also assume a countable set V of variable symbols. We write $Term_\Sigma$ for the set of (total) terms (we say also expressions) built up with Σ and V in the usual way, and we distinguish the subset $CTerm_\Sigma$ of (total) constructor terms or (total) c-terms, which only make use of $DC_\Sigma$ and V. The subindex Σ will usually be omitted. Terms intend to represent possibly reducible expressions, while c-terms represent data values, not further reducible.

We will sometimes need to use the signature $\Sigma_\bot$, which is the result of extending Σ with the new constant (0-arity constructor) ⊥, that plays the role of the undefined value. Over $\Sigma_\bot$ we can build up the sets $Term_\bot$ and $CTerm_\bot$ of (partial) terms and (partial) c-terms respectively. Partial c-terms represent the result of partially evaluated expressions; thus, they can be seen as approximations to the value of expressions.

As usual notations we will write X, Y, Z, ... for variables, c, d for constructor symbols, f, g for functions, e for terms and s, t for c-terms. In all cases, primes (') and subindices can be used.

We will use the sets of substitutions $CSubst = \{\theta : V \to CTerm\}$ and $CSubst_\bot = \{\theta : V \to CTerm_\bot\}$. We write eθ for the result of applying θ to e.

Given a set of constructor symbols S we say that the c-terms t and t' have an S-clash if they have different constructor symbols of S at the same position.

3.2 The Proof Calculus for CRWL

A CRWL-program P is a finite set of conditional rewrite rules of the form:

$$\underbrace{f(t_1,\ldots,t_n)}_{head} \to \underbrace{e}_{body} \Leftarrow \underbrace{C_1,\ldots,C_m}_{condition}$$

where $f \in FS^n$, and fulfilling the following conditions:

• $(t_1,\ldots,t_n)$ is a linear tuple (each variable in it occurs only once) with $t_1,\ldots,t_n \in CTerm$;

• $e \in Term$;

• each $C_i$ is a constraint of the form e' ⋈ e'' (joinability) or e' ◇ e'' (divergence) where $e', e'' \in Term$;

• extra variables are not allowed, i.e., all the variables appearing in the body e and the condition C must also appear in the head $f(\bar t)$ ($var(e) \cup var(C) \subseteq var(\bar t)$). This condition is not required in (González et al. 1996; González et al. 1999): see the end of this section for a discussion of this issue.

The reading of the rule is: $f(t_1,\ldots,t_n)$ reduces to e if the conditions $C_1,\ldots,C_m$ are satisfied. We write $\mathcal{P}_f$ for the set of defining rules of f in P.

Given a program P, the proof calculus for CRWL can derive from it three kinds of statements:

• Reduction or approximation statements: e → t, with $e \in Term_\bot$ and $t \in CTerm_\bot$. The intended meaning of such a statement is that e can be reduced to t, where reduction may be done by applying rewriting rules of P or by replacing subterms of e by ⊥. If e → t can be derived, t represents one of the possible values of the denotation of e.

• Joinability statements: e ⋈ e', with $e, e' \in Term_\bot$. The intended meaning in this case is that e and e' can both be reduced to some common totally defined value, that is, we can prove e → t and e' → t for some $t \in CTerm$.

• Divergence statements: e ◇ e', with $e, e' \in Term_\bot$. The intended meaning now is that e and e' can be reduced to some (possibly partial) c-terms t and t' having a DC-clash. In (González et al. 1996; González et al. 1999) divergence conditions are not considered. They have been incorporated to CRWL in López and Sánchez (1999b) as a useful and expressive resource for programming that is implemented in the system TOy.

When using function rules to derive statements, we will need to use what are called c-instances of such rules. The set of c-instances of a program rule R is defined as:

$$[R]_\bot = \{R\theta \mid \theta \in CSubst_\bot\}$$

Parameter passing in function calls will be expressed by means of these c-instances in the proof calculus.

Table 1 shows the proof calculus for CRWL. We write $\mathcal{P} \vdash_{CRWL} \varphi$ to express that the statement φ is provable from the program P with respect to this calculus. Rule (4) allows the use of c-instances of program rules to prove approximations. These c-instances may contain ⊥, and by rule (1) any expression can be reduced to ⊥. This reflects a non-strict semantics. A variable X can only be approximated by itself (rule 2) and by ⊥ (rule 1), so a variable is similar to a constant in derivations with this calculus. Nevertheless, when using function rules of the program, a variable of such a rule can take any value by taking the appropriate c-instance. Rule (3) is for term decomposition, and rules (5) and (6) correspond to the definition of ⋈ and ◇ respectively.
Table 1. Rules for CRWL-provability

$$(1)\quad e \to \bot$$

$$(2)\quad X \to X \qquad X \in V$$

$$(3)\quad \frac{e_1 \to t_1 \quad \ldots \quad e_n \to t_n}{c(e_1,\ldots,e_n) \to c(t_1,\ldots,t_n)} \qquad c \in DC^n,\ t_i \in CTerm_\bot$$

$$(4)\quad \frac{e_1 \to s_1 \quad \ldots \quad e_n \to s_n \qquad C \qquad e \to t}{f(e_1,\ldots,e_n) \to t} \qquad t \neq \bot,\ R \in \mathcal{P}_f,\ (f(s_1,\ldots,s_n) \to e \Leftarrow C) \in [R]_\bot$$

$$(5)\quad \frac{e \to t \qquad e' \to t}{e \bowtie e'} \qquad t \in CTerm$$

$$(6)\quad \frac{e \to t \qquad e' \to t'}{e \diamond e'} \qquad t, t' \in CTerm_\bot \text{ and have a } DC\text{-clash}$$



A distinguished feature of CRWL is that functions can be non-deterministic. For example, assuming the constructors z (zero) and s (successor) for natural numbers, a non-deterministic function coin expressing the possible results of throwing a coin can be defined by the rules:

coin → z
coin → s(z)

It is not difficult to see that the previous calculus can derive the statement coin → z and also coin → s(z). The use of c-instances in rule (4) instead of general instances corresponds to call-time choice semantics for non-determinism (see González et al. (1999)). As an example, in addition to coin consider the functions add and double defined as:

add(z, Y) → Y
add(s(X), Y) → s(add(X, Y))
double(X) → add(X, X)

It is possible to build a CRWL-proof for the statement double(coin) → z and also for double(coin) → s(s(z)), but not for double(coin) → s(z). As an example of derivation, we show a derivation for double(coin) → z; at each step we indicate by a number on the left the rule of the calculus applied:

(4) double(coin) → z, using the c-instance double(z) → add(z, z) of the rule for double, with
    (4) coin → z, using the rule coin → z, whose body z → z is proved by (3)
    (4) add(z, z) → z, using the c-instance add(z, z) → z of the first rule for add, whose parameter passing z → z, z → z and body z → z are proved by (3)

Observe that ◇ is not the logical negation of ⋈. They are not even incompatible: due to non-determinism, two expressions e, e' can satisfy both e ⋈ e' and e ◇ e' (although this cannot happen if e, e' are c-terms). In the 'coin' example, we can derive both coin ⋈ z and coin ◇ z.

The denotation of an expression e can be defined as the set of c-terms to which e can be reduced according to this calculus:

$$[\![e]\!] = \{t \in CTerm_\bot \mid \mathcal{P} \vdash_{CRWL} e \to t\}$$

For instance, $[\![coin]\!] = \{\bot, z, s(\bot), s(z)\}$.
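As an added Python illustration of rules (1) to (6) of Table 1 (not the paper's code), the following computes the denotation [[e]] of a closed expression by exhaustively applying the calculus: rule (1) contributes ⊥, rule (3) decomposes constructor applications, rule (4) tries every c-instance obtained by matching the patterns against one value of each argument (which is exactly call-time choice), and (5)/(6) decide joinability and divergence over the computed value sets. Terms are (symbol, args) tuples, the program is the coin/add/double one of this section, and the evaluator assumes every call terminates, which holds for that program.

```python
from itertools import product
from typing import Dict, FrozenSet, List, Tuple

Term = Tuple[str, tuple]            # (symbol, args); variables are ('?X', ())
BOT: Term = ('⊥', ())               # the undefined value
CONS = {'z', 's'}                   # constructor symbols DC


def var(name: str) -> Term:
    return ('?' + name, ())


def app(sym: str, *args: Term) -> Term:
    return (sym, tuple(args))


def is_var(t: Term) -> bool:
    return t[0].startswith('?')


Z = app('z')


def S(t: Term) -> Term:
    return app('s', t)


# A program rule is (patterns, body, conditions); a condition is
# ('join', e, e') for e ⋈ e' or ('div', e, e') for e ◇ e'.
Rule = Tuple[tuple, Term, list]
PROG: Dict[str, List[Rule]] = {
    'coin':   [((), Z, []), ((), S(Z), [])],
    'add':    [((Z, var('Y')), var('Y'), []),
               ((S(var('X')), var('Y')), S(app('add', var('X'), var('Y'))), [])],
    'double': [((var('X'),), app('add', var('X'), var('X')), [])],
}


def match(pat: Term, t: Term, theta: dict) -> bool:
    """Does the c-instance pat·theta equal the partial c-term t?  ⊥ never
    matches a constructor pattern, so parameter passing c(...) from ⊥ fails."""
    if is_var(pat):
        if pat[0] in theta:
            return theta[pat[0]] == t
        theta[pat[0]] = t
        return True
    if pat[0] != t[0] or len(pat[1]) != len(t[1]):
        return False
    return all(match(p, a, theta) for p, a in zip(pat[1], t[1]))


def subst(term: Term, theta: dict) -> Term:
    if is_var(term):
        return theta.get(term[0], term)
    return (term[0], tuple(subst(a, theta) for a in term[1]))


def total(t: Term) -> bool:
    """t ∈ CTerm: contains no ⊥."""
    return t != BOT and all(total(a) for a in t[1])


def clash(t: Term, u: Term) -> bool:
    """DC-clash: different constructors at the same position."""
    if t[0] in CONS and u[0] in CONS:
        return t[0] != u[0] or any(clash(a, b) for a, b in zip(t[1], u[1]))
    return False


def holds(cond: tuple, theta: dict) -> bool:
    kind, e1, e2 = cond
    v1, v2 = denote(subst(e1, theta)), denote(subst(e2, theta))
    if kind == 'join':                      # rule (5): a common total value
        return any(total(t) for t in v1 & v2)
    return any(clash(t, u) for t in v1 for u in v2)   # rule (6)


def denote(e: Term) -> FrozenSet[Term]:
    """[[e]] = { t ∈ CTerm_⊥ | P ⊢_CRWL e → t }."""
    result = {BOT}                          # rule (1): e → ⊥
    sym, args = e
    if is_var(e) or sym == '⊥':
        result.add(e)                       # rule (2): X → X
    elif sym in CONS:                       # rule (3): decomposition
        for ts in product(*(denote(a) for a in args)):
            result.add((sym, tuple(ts)))
    else:                                   # rule (4): one c-instance per choice
        for pats, body, conds in PROG[sym]:
            for ts in product(*(denote(a) for a in args)):
                theta: dict = {}
                if all(match(p, t, theta) for p, t in zip(pats, ts)) \
                        and all(holds(c, theta) for c in conds):
                    result |= denote(subst(body, theta))
    return frozenset(result)


def show(t: Term) -> str:
    sym, args = t
    name = sym.lstrip('?')
    return name if not args else f"{name}({', '.join(show(a) for a in args)})"
```

Running denote on coin gives {⊥, z, s(⊥), s(z)}, and on double(coin) a set that contains z and s(s(z)) but not s(z): because the argument value is chosen once before the body add(X, X) is evaluated, both occurrences of X share it. The same value sets decide that coin ⋈ z and coin ◇ z both hold, as remarked above.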

To end our presentation of the CRWL framework we discuss the issue of extra variables (variables not appearing in left hand sides of function rules), which are allowed in (González et al. 1996; González et al. 1999), but not in this paper. This is not as restrictive as it could appear: function nesting can replace the use (typical of logic programming) of variables as repositories of intermediate values, and in many other cases where extra variables represent unknown values to be computed by search, they can be successfully replaced by non-deterministic functions able to compute candidates for such unknown values. A concrete example is given by the function next in Example 2. More examples can be found in (González et al. 1999; Abengózar et al. 2002).

The only extra variable we have used in Sect. 2 is Pos' in the definition

winMove(Pos) → Pos' ⇐ Pos' ⋈ move(Pos), fails(winMove(Pos')) ⋈ true

of Example 3. It can be removed by introducing an auxiliary function:

winMove(Pos) → aux(move(Pos))
aux(Pos) → Pos ⇐ Pos ⋈ Pos, fails(winMove(Pos)) ⋈ true

The effect of the condition Pos ⋈ Pos is to compute a normal form for Pos, which is required in this case to avoid a diverging computation for winMove(Pos).

4 The CRWLF Framework 

We now address the problem of failure in CRWL. Our primary interest is to obtain a calculus able to prove that a given expression fails to be reduced. Since reduction corresponds in CRWL to approximation statements e → t, we can reformulate our aim more precisely: we look for a calculus able to prove that a given expression e has no possible reduction (other than the trivial e → ⊥) in CRWL, i.e., $[\![e]\!] = \{\bot\}$.

Of course, we cannot expect to achieve that with full generality since, in particular, the reason for having $[\![e]\!] = \{\bot\}$ can be non-termination of the program as a rewrite system, a property which is uncomputable. Instead, we look for a suitable computable approximation to the property $[\![e]\!] = \{\bot\}$, corresponding to cases where failure of reduction is due to 'finite' reasons, which can be constructively detected and managed.

Prior to the formal presentation of the calculus, which will be called CRWLF (for 'CRWL with failure'), we give several simple examples for a preliminary understanding of some key aspects of it, and the reasons underlying some of its technicalities.
4.1 Some Illustrative Examples

Consider the following functions, in addition to coin, defined in Sect. 3.2:

We discuss several situations involving failure with this program: 

• The expressions f(z) and f(s(z)) fail to be reduced, but for quite different reasons. In the first case f(z) does not terminate. The only possible proof according to CRWL is f(z) → ⊥ (by rule 1); any attempt to prove f(z) → t with t ≠ ⊥ would produce an 'infinite derivation'. In the second case, the only possible derivation is again f(s(z)) → ⊥, but if we try to prove f(s(z)) → t with t ≠ ⊥ we have a kind of 'finite failure': rule 4 needs to solve the parameter passing s(z) → z, which can be finitely checked as failed, since no rule of the CRWL-calculus is applicable. The CRWLF-calculus does not prove non-termination of f(z), but will be able to detect and manage the failure for f(s(z)). In fact it will be able to perform a constructive proof of this failure.

• Consider now the expression g(coin). Again, the only possible reduction is g(coin) → ⊥ and it is intuitively clear that this is another case of finite failure. But this failure is not as simple as in the previous example for f(s(z)): in this case the two possible reductions for coin to defined values are coin → z and coin → s(z). Both z and s(z) fail to match the pattern s(s(X)) in the rule for g, but none of them can be used separately to detect the failure of g(coin). A suitable idea is to collect the set of defined values to which a given expression can be reduced. In the case of coin that set is {z, s(z)}. The fact that C is the collected set of values of e is expressed in CRWLF by means of the statement e ◁ C. In our example, CRWLF will prove coin ◁ {z, s(z)}. Statements e ◁ C generalize the approximation statements e → t of CRWL, and in fact can replace them. Thus, CRWLF will not need to use explicit e → t statements.

• How far should we go when collecting values? The idea of collecting all values (and having them completely evaluated) works fine in the previous example, but there are problems when the collection is infinite. For example, according to its definition above, the expression h can be reduced to any positive natural number, so the corresponding set would be H = {s(z), s(s(z)), s(s(s(z))), ...}. Then, what if we try to reduce the expression f(h)? From an intuitive point of view it is clear that the value z will not appear in H, because all its elements have the form s(...). The partial value {s(⊥)} is a common approximation to all the elements of H. Here we can understand ⊥ as incomplete information: we know that all the values for h are successors of 'something', and this implies that they cannot be z, which suffices for proving the failure of f(h). The CRWLF-calculus will be able to prove the statement h ◁ {s(⊥)}, and we say that {s(⊥)} is a Sufficient Approximation Set (SAS) for h.

In general, an expression will have multiple SASs. Any expression has {⊥} as its simplest SAS. And, for example, the expression h has an infinite number of SASs: {⊥}, {s(⊥)}, {s(z), s(s(⊥))}, ... The SASs obtained by the calculus for coin are {⊥}, {⊥, s(⊥)}, {⊥, s(z)}, {z, ⊥}, {z, s(⊥)} and {z, s(z)}. The CRWLF-calculus provides appropriate rules for working with SASs. The derivation steps will be guided by these SASs in the same sense that CRWL is guided by approximation statements.

• Failure of reduction is due in many cases to failure in proving the conditions in the program rules. The calculus must be able to prove those failures. Consider for instance the expression k(z). In this case we would try to use the c-instance k(z) → z ⇐ z ⋈ s(z) that allows us to perform parameter passing. But the condition z ⋈ s(z) is clearly not provable, so k(z) must fail. For achieving it we must be able to give a proof for 'z ⋈ s(z) cannot be proved with respect to CRWL'. For this purpose we introduce a new constraint e ⋈̸ e' that will be true if we can build a proof of non-provability for e ⋈ e'. In our case, z ⋈̸ s(z) is clear because of the clash of constructors. In general the proof for a constraint e ⋈̸ e' will be guided by the corresponding SASs for e and e', as we will see in the next section. As our initial CRWL framework also allows constraints of the form e ◇ e', we need also another constraint ◇̸ for expressing 'failure of ◇'.

• There is another important question to justify: we use an explicit representation for failure by means of the new constant symbol $\mathsf{F}$. Let us examine some examples involving failures. First, consider the expression $g(s(f(s(z))))$; for reducing it we would need to do parameter passing, i.e., matching $s(f(s(z)))$ with some c-instance of the pattern $s(s(X))$ of the definition of g. As $f(s(z))$ fails to be reduced, the parameter passing must also fail. If we take $\{\bot\}$ as an SAS for $f(s(z))$ we do not have enough information for detecting the failure (nothing can be said about the matching of $s(s(X))$ and $s(\bot)$). But if we take $\{\mathsf{F}\}$ as an SAS for $f(s(z))$, this provides enough information to ensure that $s(\mathsf{F})$ cannot match any c-instance of the pattern $s(s(X))$. Notice that we allow the value $\mathsf{F}$ to appear inside the term $s(\mathsf{F})$. One could think that the information $s(\mathsf{F})$ is essentially the same as $\mathsf{F}$ (for instance, $\mathsf{F}$ also fails to match any c-instance of $s(s(X))$), but this is not true in general. For instance, the expression $g(s(s(f(s(z)))))$ is reducible to z. But if we take the SAS $\{\mathsf{F}\}$ for $f(s(z))$ and we identify the expression $s(s(f(s(z))))$ with $\mathsf{F}$, matching with the rule for g would not succeed, and the reduction of $g(s(s(f(s(z)))))$ would fail.

We can now proceed with the formal presentation of the CRWLF-calculus.

4.2 Technical Preliminaries

For dealing with failure we consider two new syntactical elements in CRWLF: a function fails and a constant $\mathsf{F}$. The first one is directly included into the signature, so we consider $\Sigma = DC \cup FS \cup \{fails\}$, where DC and FS are sets of constructor symbols and (user-defined) functions respectively. This symbol, fails, stands for a predefined function whose intuitive meaning is:

$$fails(e) ::= \begin{cases} true & \text{if } e \text{ fails to be reduced to hnf} \\ false & \text{otherwise} \end{cases}$$

The boolean constants true and false must belong to DC, as they are needed to define the function fails. The formal interpretation of this function will be defined by specific rules at the level of the proof-calculus (Table 2).

The second syntactical element, the constant $\mathsf{F}$, is introduced as an extension of the signature (as it was the element $\bot$ in CRWL). So we use the extended signature $\Sigma_{\bot,\mathsf{F}} = \Sigma \cup \{\bot, \mathsf{F}\}$. We do not include it directly in the signature $\Sigma$ because its role is to express failure of reduction and it is not allowed to appear explicitly in a program. In the case of the function fails we want to allow its use in programs, as we have seen in the examples of Sect.

The sets $Term_{\bot,\mathsf{F}}$, $CTerm_{\bot,\mathsf{F}}$ are defined in the natural way, and also the set of substitutions $CSubst_{\bot,\mathsf{F}} = \{\theta : V \to CTerm_{\bot,\mathsf{F}}\}$.

A natural approximation ordering $\sqsubseteq$ over $Term_{\bot,\mathsf{F}}$ can be defined as the least partial ordering over $Term_{\bot,\mathsf{F}}$ satisfying the following properties:

• $\bot \sqsubseteq e$ for all $e \in Term_{\bot,\mathsf{F}}$,

• $h(e_1, \ldots, e_n) \sqsubseteq h(e'_1, \ldots, e'_n)$, if $e_i \sqsubseteq e'_i$ for all $i \in \{1, \ldots, n\}$, $h \in DC \cup FS \cup \{fails\}$

The intended meaning of $e \sqsubseteq e'$ is that e is less defined or has less information than e'. Two expressions $e, e' \in Term_{\bot,\mathsf{F}}$ are consistent if they can be refined to obtain the same information, i.e., if there exists $e'' \in Term_{\bot,\mathsf{F}}$ such that $e \sqsubseteq e''$ and $e' \sqsubseteq e''$.

Notice that the only relations satisfied by $\mathsf{F}$ are $\bot \sqsubseteq \mathsf{F}$ and $\mathsf{F} \sqsubseteq \mathsf{F}$. In particular, $\mathsf{F}$ is maximal. This is reasonable, since $\mathsf{F}$ represents 'failure of reduction' and this gives no further refinable information about the result of the evaluation of an expression. This contrasts with the status given to failure in (Moreno 1996), where $\mathsf{F}$ is chosen to verify $\mathsf{F} \sqsubseteq t$ for any t different from $\bot$.

We will frequently use the following notation: given $e \in Term_{\bot,\mathsf{F}}$, $\hat{e}$ stands for the result of replacing by $\bot$ all the occurrences of $\mathsf{F}$ in e (notice that $\hat{e} \in Term_\bot$, and $\hat{e} = e$ iff $e \in Term_\bot$).



4.3 The Proof Calculus for CRWLF

Programs in CRWLF are sets of rules with the same form as in CRWL, but now they can make use of the function fails in the body and in the condition part, i.e., CRWLF extends the class of programs of CRWL by allowing the use of fails in programs. On the other hand, in CRWLF five kinds of statements can be deduced:

• $e \lhd C$, intended to mean 'C is an SAS for e'.

• $e \bowtie e'$, $e <> e'$, with the same intended meaning as in CRWL.

• $e \not\bowtie e'$, $e \not<> e'$, intended to mean failure of $e \bowtie e'$ and $e <> e'$ respectively.

We will sometimes speak of $\bowtie$, $<>$, $\not\bowtie$, $\not<>$ as 'constraints', and use the symbol $\Diamond$ to refer to any of them. The constraints $\not\bowtie$ and $\bowtie$ are called the complementary of each other; the same holds for $\not<>$ and $<>$, and we write $\not\Diamond$ for the complementary of $\Diamond$.
When proving a constraint $e \Diamond e'$ the calculus CRWLF will evaluate an SAS for the expressions e and e'. These SAS's will consist of c-terms from $CTerm_{\bot,\mathsf{F}}$, and provability of the constraint $e \Diamond e'$ depends on certain syntactic (hence decidable) relations between those c-terms. Actually, the constraints $\bowtie$, $<>$, $\not\bowtie$ and $\not<>$ can be seen as the result of generalizing to expressions the relations $\downarrow$, $\uparrow$, $\Downarrow$ and $\Uparrow$ on c-terms, which we define now.

Definition 1 (Relations over $CTerm_{\bot,\mathsf{F}}$)

• $t \downarrow t' \Leftrightarrow_{def} t = t'$, $t \in CTerm$

• $t \uparrow t' \Leftrightarrow_{def}$ t and t' have a DC-clash

• $t \Downarrow t' \Leftrightarrow_{def}$ t or t' contain $\mathsf{F}$ as subterm, or they have a DC-clash

• $\Uparrow$ is defined as the least symmetric relation over $CTerm_{\bot,\mathsf{F}}$ satisfying:

i) $X \Uparrow X$, for all $X \in V$

ii) $\mathsf{F} \Uparrow t$, for all $t \in CTerm_{\bot,\mathsf{F}}$

iii) if $t_1 \Uparrow t'_1, \ldots, t_n \Uparrow t'_n$ then $c(t_1, \ldots, t_n) \Uparrow c(t'_1, \ldots, t'_n)$, for $c \in DC^n$

The relations $\downarrow$ and $\uparrow$ do not take into account the presence of $\mathsf{F}$, which behaves in this case as $\bot$. The relation $\downarrow$ is strict equality, i.e., equality restricted to total c-terms. It is the notion of equality used in lazy functional or functional-logic languages as the suitable approximation to 'true' equality (=) over $CTerm_\bot$. The relation $\uparrow$ is a suitable approximation to '$\neg =$', and hence to '$\neg \downarrow$' (where $\neg$ stands for logical negation). The relation $\Downarrow$ is also an approximation to '$\neg \downarrow$', but in this case using failure information ($\Downarrow$ can be read as '$\downarrow$ fails'). Notice that $\Downarrow$ does not imply '$\neg =$' anymore (we have, for instance, $\mathsf{F} \Downarrow \mathsf{F}$). Similarly, $\Uparrow$ is also an approximation to '$\neg \uparrow$' which can be read as '$\uparrow$ fails'.

The following proposition reflects these and more good properties of $\downarrow$, $\uparrow$, $\Downarrow$, $\Uparrow$.

Proposition 1

The relations $\downarrow$, $\uparrow$, $\Downarrow$, $\Uparrow$ satisfy:

a) For all $t, t', s, s' \in CTerm_{\bot,\mathsf{F}}$

i) $t \downarrow t' \Leftrightarrow \hat{t} \downarrow \hat{t}'$ and $t \uparrow t' \Leftrightarrow \hat{t} \uparrow \hat{t}'$

ii) $t \uparrow t' \Rightarrow t \Downarrow t' \Rightarrow \neg(t \downarrow t')$

iii) $t \downarrow t' \Rightarrow t \Uparrow t' \Rightarrow \neg(t \uparrow t')$

b) $\downarrow$, $\uparrow$, $\Downarrow$, $\Uparrow$ are monotonic, i.e., if $t \sqsubseteq s$ and $t' \sqsubseteq s'$ then: $t \Re t' \Rightarrow s \Re s'$, where $\Re \in \{\downarrow, \uparrow, \Downarrow, \Uparrow\}$. Furthermore $\Downarrow_G$ and $\Uparrow_G$ are the greatest monotonic approximations to $\neg\downarrow_G$ and $\neg\uparrow_G$ respectively, where $\Re_G$ is the restriction of $\Re$ to the set of ground (i.e., without variables) c-terms from $CTerm_{\bot,\mathsf{F}}$.

c) $\downarrow$ and $\uparrow$ are closed under substitutions from $CSubst$; $\Downarrow$ and $\Uparrow$ are closed under substitutions from $CSubst_{\bot,\mathsf{F}}$.
Proof

We prove each property separately:

a) i) • $t \downarrow t' \Leftrightarrow \hat{t} \downarrow \hat{t}'$: two terms satisfying the relation $\downarrow$ cannot contain $\bot$ nor $\mathsf{F}$. Hence $t = \hat{t}$ and $t' = \hat{t}'$, and the equivalence is trivial.

• $t \uparrow t' \Leftrightarrow \hat{t} \uparrow \hat{t}'$: the relation $\uparrow$ is satisfied when the terms have a DC-clash at some position p; since t and $\hat{t}$ (t' and $\hat{t}'$ resp.) have the same constructor symbols at the same positions, the equivalence is clear.

ii) The implication $t \uparrow t' \Rightarrow t \Downarrow t'$ is clear from the definitions of $\uparrow$ and $\Downarrow$. For $t \Downarrow t' \Rightarrow \neg(t \downarrow t')$: if $t \Downarrow t'$ then either $\mathsf{F}$ appears in t or t', or t and t' have a DC-clash. In both cases $t \downarrow t'$ does not hold.

iii) For $t \downarrow t' \Rightarrow t \Uparrow t'$: if $t \downarrow t'$ then $t = t'$ with $t \in CTerm$ and we have $t \Uparrow t'$ by applying repeatedly i) and iii) of the definition of $\Uparrow$. For $t \Uparrow t' \Rightarrow \neg(t \uparrow t')$, let us assume $t \Uparrow t'$ and proceed by induction on the depth d of t:

d = 0: if $t = \bot$ or $t = \mathsf{F}$ then t and t' cannot have any DC-clash and then $t \uparrow t'$ is not true. If $t = X$ or $t = c \in DC^0$ then $t \Uparrow t'$ implies that $t' = \mathsf{F}$ or $t' = t$; therefore t and t' cannot have any DC-clash and $t \uparrow t'$ is not true.

d ⇒ d + 1: if $t = c(t_1, \ldots, t_n)$, then either $t' = \mathsf{F}$ and $t \uparrow t'$ is not true, or $t' = c(t'_1, \ldots, t'_n)$ with $t_i \Uparrow t'_i$ for all $i \in \{1, \ldots, n\}$; in this case, by i.h. there is no pair $(t_i, t'_i)$ with a DC-clash, so neither t and t' have DC-clashes, and therefore $t \uparrow t'$ is not true.

b) We prove monotonicity for each relation:

• For $\downarrow$: by definition of $\downarrow$, if $t \downarrow t'$ then $t, t' \in CTerm$ (they are maximal with respect to $\sqsubseteq$), hence $s = t$ and $s' = t'$ and then $s \downarrow s'$.

• For $\uparrow$: if $t \uparrow t'$ then t and t' have a DC-clash at some position. As $t \sqsubseteq s$ and $t' \sqsubseteq s'$, then s and s' will have the same DC-clash at the same position, so $s \uparrow s'$.

• For $\Downarrow$: if t and t' have a DC-clash, s and s' will contain the same DC-clash, as in the previous case. If one of them has $\mathsf{F}$ as subterm, by definition of $\sqsubseteq$ it is clear that s or s' will also contain $\mathsf{F}$, so $s \Downarrow s'$.

• For $\Uparrow$: here we proceed by induction on the depth d of the term t:

d = 0: let us check the possibilities for t. If $t = X$ or $t = c \in DC^0$, then $t \Uparrow t'$ implies $t' = t$ or $t' = \mathsf{F}$; since t, t' are maximal with respect to $\sqsubseteq$, then $s = t$ and $s' = t'$, so we will also have $s \Uparrow s'$. If $t = \mathsf{F}$ then $s = \mathsf{F}$ and then it is clear that $s \Uparrow s'$. If $t = \bot$ then $t' = \mathsf{F} = s'$ and it is clear that $s \Uparrow s'$.

d ⇒ d + 1: in this case $t = c(t_1, \ldots, t_n)$ and then either $t' = \mathsf{F}$, which implies $s' = \mathsf{F}$ and then $s \Uparrow s'$, or $t' = c(t'_1, \ldots, t'_n)$ with $t_i \Uparrow t'_i$ for all $i \in \{1, \ldots, n\}$. From $t \sqsubseteq s$ and $t' \sqsubseteq s'$ it follows that $s = c(s_1, \ldots, s_n)$ and $s' = c(s'_1, \ldots, s'_n)$, and by i.h. we have $s_i \Uparrow s'_i$ for all $i \in \{1, \ldots, n\}$, which implies $s \Uparrow s'$.

Now we prove that $\Downarrow_G$ and $\Uparrow_G$ are the greatest monotonic approximations to $\neg\downarrow_G$ and $\neg\uparrow_G$ respectively. We denote by $GCTerm_{\bot,\mathsf{F}}$ the set of all ground $t \in CTerm_{\bot,\mathsf{F}}$.

• For $\Downarrow_G$, assume that a relation $R \subseteq (GCTerm_{\bot,\mathsf{F}} \times GCTerm_{\bot,\mathsf{F}})$ verifies

$tRt' \Rightarrow \neg(t \downarrow_G t')$

$t \sqsubseteq s, t' \sqsubseteq s', tRt' \Rightarrow sRs'$

We must prove that R is included in $\Downarrow_G$, that is: $(tRt' \Rightarrow t \Downarrow_G t')$, for any $t, t' \in GCTerm_{\bot,\mathsf{F}}$. We reason by contradiction. Assume $tRt'$ and $\neg(t \Downarrow_G t')$. Then, by definition of $\Downarrow_G$, t and t' do not contain $\mathsf{F}$ and do not have a DC-clash. Then either $t = t'$, or t and t' differ because at some positions one of them has $\bot$ while the other has not. In both cases it is easy to see that there exists $s \in GCTerm$ (totally defined) such that $t \sqsubseteq s$ and $t' \sqsubseteq s$. By monotonicity of R we have $sRs$, which implies $\neg(s \downarrow_G s)$, which is a contradiction, since $s \in CTerm$.

• For $\Uparrow_G$ we proceed in a similar way as in the previous point: assuming that $R \subseteq (GCTerm_{\bot,\mathsf{F}} \times GCTerm_{\bot,\mathsf{F}})$ verifies

$tRt' \Rightarrow \neg(t \uparrow_G t')$

$t \sqsubseteq s, t' \sqsubseteq s', tRt' \Rightarrow sRs'$

we must prove $(tRt' \Rightarrow t \Uparrow_G t')$. But if $tRt'$ then $\neg(t \uparrow_G t')$, so t and t' cannot have any DC-clash. They could contain $\mathsf{F}$ as subterm but then, by ii) and iii) of the definition of $\Uparrow$, we will have $t \Uparrow_G t'$.

c) The property is clear for $\downarrow$: if we replace in a c-term all the occurrences of a variable by a totally defined c-term, we will obtain a totally defined c-term. For $\uparrow$, such a substitution preserves the DC-clash of the original c-terms.

For $\Downarrow$, if some of the original c-terms had $\mathsf{F}$ as a subterm, the substitution preserves this occurrence of $\mathsf{F}$. On the other hand, if they had a DC-clash, then it is clear that this clash will also be present under the substitution.

For $\Uparrow$, suppose $t \Uparrow t'$ and $\theta \in CSubst_{\bot,\mathsf{F}}$; we proceed by induction on the depth d of the term t:

d = 0: if $t = \mathsf{F}$, then $t\theta = \mathsf{F}$ and it is clear that $t\theta \Uparrow t'\theta$. For the cases $t = X$ and $t = c \in DC^0$ we have two possibilities for t': $t' = \mathsf{F}$ or $t' = t$; if $t' = \mathsf{F}$ the result is clear. If we have $t = t' = X$ it is not difficult to prove that $X\theta \Uparrow X\theta$ by applying repeatedly i) and iii) of the definition of $\Uparrow$. The last case, $t = t' = c \in DC^0$, is trivial because $\theta$ does not change the terms.

d ⇒ d + 1: in this case $t = c(t_1, \ldots, t_n)$. If $t' = \mathsf{F}$ the proof is as in the base case, otherwise $t' = c(t'_1, \ldots, t'_n)$ with $t_i \Uparrow t'_i$ for all $i \in \{1, \ldots, n\}$. By i.h. we have $t_i\theta \Uparrow t'_i\theta$ and then, by iii) of the definition of $\Uparrow$, we will have $t\theta \Uparrow t'\theta$. □

By (b), we can say that $\downarrow$, $\uparrow$, $\Downarrow$, $\Uparrow$ behave well with respect to the information ordering: if they are true for some terms, they remain true if we refine the information contained in the terms. Furthermore, (b) states that $\Downarrow$, $\Uparrow$ are defined 'in the best way' (at least for ground c-terms) as computable approximations to $\neg\downarrow$ and $\neg\uparrow$. For c-terms with variables, we must take care: for instance, given the constructor z, we have $\neg(X \downarrow z)$, but not $X \Downarrow z$. Actually, to have $X \Downarrow z$ would violate a basic intuition about free variables in logical statements: if the statement is true, it should be true for any value (taken from an appropriate range) substituted for its free variables. Part (c) shows that the definitions of $\downarrow$, $\uparrow$, $\Downarrow$, $\Uparrow$ respect such a principle. The propositions of the next section show that monotonicity and closure by substitutions are preserved when generalizing $\downarrow$, $\uparrow$, $\Downarrow$, $\Uparrow$ to $\bowtie$, $<>$, $\not\bowtie$, $\not<>$.
We can present now the proof rules for the CRWLF-calculus, which are shown in Table 2. The rules 6 and 7 use a generalized notion of c-instances of a rule R: $[R]_{\bot,\mathsf{F}} = \{R\theta \mid \theta \in CSubst_{\bot,\mathsf{F}}\}$. We will use the notation $\mathcal{P} \vdash_{CRWLF} \varphi$ ($\mathcal{P} \nvdash_{CRWLF} \varphi$ resp.) for expressing that the statement $\varphi$ is provable (is not provable resp.) with respect to the calculus CRWLF and the program $\mathcal{P}$. CRWLF-derivations have a tree structure (see e.g. Example 5); many results in the following sections use induction over the size of the derivation, i.e., the number of nodes in the derivation tree, which corresponds to the number of inference steps.

The first three rules are analogous to those of the CRWL-calculus, now dealing with SAS's instead of simple approximations (notice the cross product of SAS's in rule 3). Rule 4 is a complex rule which requires some explanation to make clear its reading and, more importantly, its decidability: to obtain an SAS C for an expression $f(e_1, \ldots, e_n)$ (that is, to derive $f(e_1, \ldots, e_n) \lhd C$) we must first obtain SAS's for $e_1, \ldots, e_n$ (that is, we must derive $e_1 \lhd C_1, \ldots, e_n \lhd C_n$); then for each combination $\bar{t}$ of values in these SAS's (that is, for each $\bar{t} \in C_1 \times \ldots \times C_n$) and each program rule R for f, a part $C_{R,\bar{t}}$ of the whole SAS is produced; the union of all these partial SAS's constitutes the final SAS C for $f(\bar{e})$. Notice that since SAS's are finite sets and programs are finite sets of rules, there is a finite number of $C_{R,\bar{t}}$ to be calculated in the premises of the rule, and the union of all of them (the final calculated SAS in the rule) is again a finite set².

Rule 4 is quite different from rule 4 in CRWL, where we could use any c-instance of any rule for f; here we need to consider simultaneously the contribution of each rule to achieve 'complete' information about the values to which the expression can be evaluated. We use the notation $f(\bar{t}) \lhd_R C$ to indicate that only the rule R is used to produce C.

Rules 5 to 8 consider all the possible ways in which a concrete rule R can contribute to the SAS of a call $f(\bar{t})$, where the arguments $\bar{t}$ are all in $CTerm_{\bot,\mathsf{F}}$ (they come from the evaluation of the arguments of a previous call $f(\bar{e})$). Rules 5 and 6 can be viewed as positive contributions. The first one obtains the trivial SAS and 6 works if there is a c-instance of the rule R with a head identical to the head of the call (parameter passing); in this case, if the constraints of this c-instance are provable, then the resulting SAS is generated by the body of the c-instance. Rules 7 and 8 consider the negative or failed contributions. Rule 7 applies when parameter passing can be done, but it is possible to prove the complementary $e \not\Diamond e'$ of one of the constraints $e \Diamond e'$ in the condition of the used c-instance. In this case the constraint $e \Diamond e'$ (hence the whole condition in the c-instance) fails. Finally, rule 8 considers the case in which parameter passing fails because of a $DC \cup \{\mathsf{F}\}$-clash between one of the arguments in the call and the corresponding pattern in R.

We remark that for given $f(\bar{t})$ and R, rule 5 and at most one of rules 6 to 8 are applicable. This fact, although intuitive, is far from being trivial to prove and constitutes in fact an important technical detail in the proofs of the results in the next section.

² To be more precise, this reasoning would be the essential part of an inductive proof of finiteness of SAS's. But we do not think it necessary to burden the reader with such formality.
Table 2

(1) $e \lhd \{\bot\}$

(2) $X \lhd \{X\}$, $X \in V$

(3) $\dfrac{e_1 \lhd C_1 \;\ldots\; e_n \lhd C_n}{c(e_1, \ldots, e_n) \lhd \{c(t_1, \ldots, t_n) \mid \bar{t} \in C_1 \times \ldots \times C_n\}}$, $c \in DC \cup \{\mathsf{F}\}$

(4) $\dfrac{e_1 \lhd C_1 \;\ldots\; e_n \lhd C_n \;\;\ldots\; f(\bar{t}) \lhd_R C_{R,\bar{t}} \;\ldots}{f(e_1, \ldots, e_n) \lhd \bigcup_{R \in \mathcal{P}_f,\; \bar{t} \in C_1 \times \ldots \times C_n} C_{R,\bar{t}}}$

(5) $f(\bar{t}) \lhd_R \{\bot\}$

(6) $\dfrac{\bar{C} \quad e \lhd C}{f(\bar{t}) \lhd_R C}$, $(f(\bar{t}) \to e \Leftarrow \bar{C}) \in [R]_{\bot,\mathsf{F}}$

(7) $\dfrac{e' \not\Diamond e''}{f(\bar{t}) \lhd_R \{\mathsf{F}\}}$, $(f(\bar{t}) \to e \Leftarrow \ldots, e' \Diamond e'', \ldots) \in [R]_{\bot,\mathsf{F}}$, where $\Diamond \in \{\bowtie, <>\}$

(8) $f(t_1, \ldots, t_n) \lhd_R \{\mathsf{F}\}$, $R = (f(s_1, \ldots, s_n) \to e \Leftarrow \bar{C})$, $t_i$ and $s_i$ have a $DC \cup \{\mathsf{F}\}$-clash for some $i \in \{1, \ldots, n\}$

(9) $\dfrac{e \lhd C \quad e' \lhd C'}{e \bowtie e'}$, $\exists t \in C, t' \in C'$ with $t \downarrow t'$

(10) $\dfrac{e \lhd C \quad e' \lhd C'}{e <> e'}$, $\exists t \in C, t' \in C'$ with $t \uparrow t'$

(11) $\dfrac{e \lhd C \quad e' \lhd C'}{e \not\bowtie e'}$, $\forall t \in C, t' \in C'$: $t \Downarrow t'$

(12) $\dfrac{e \lhd C \quad e' \lhd C'}{e \not<> e'}$, $\forall t \in C, t' \in C'$: $t \Uparrow t'$

(13) $\dfrac{e \lhd \{\mathsf{F}\}}{fails(e) \lhd \{true\}}$

(14) $\dfrac{e \lhd C}{fails(e) \lhd \{false\}}$, $\exists t \in C$ with $t \neq \bot$, $t \neq \mathsf{F}$



Rules 9 to 12 deal with constraints. With the use of the relations $\downarrow$, $\uparrow$, $\Downarrow$, $\Uparrow$ introduced in Sect. 3.3 the rules are easy to formulate. For $e \bowtie e'$ it is sufficient to find two c-terms in the SAS's verifying the relation $\downarrow$, which in fact is equivalent to finding a common totally defined c-term such that both expressions e and e' can be reduced to it (observe the analogy with rule 5 of CRWL). For the complementary constraint $e \not\bowtie e'$ we need to use all the information of the SAS's in order to check the relation $\Downarrow$ over all the possible pairs. The explanation of rules 10 and 12 is quite similar.

Finally rules 13 and 14 provide together a formal definition of the function fails supported by the notion of SAS. Notice that the SAS's $\{\bot\}$ or $\{\bot, \mathsf{F}\}$ do not provide enough information for reducing a call to fails. The call $fails(e)$ is only reduced to $\{true\}$ when every possible reduction of the expression e fails; and it is reduced to $\{false\}$ when there is some reduction of e to some (possibly partial) c-term of the form $c(\ldots)$ ($c \in DC$) or X.
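The relations of Definition 1 and the SAS-level side conditions of rules 9 to 14 are purely syntactic, so they can be decided by a direct program. The following Python code is an added example and is not part of the paper: it fixes its own representation of c-terms (the strings "⊥" and "F" for the two special constants, any other string for a variable, a tuple whose first element is the constructor name for an application), implements $\downarrow$, $\uparrow$, $\Downarrow$, $\Uparrow$, the ordering $\sqsubseteq$ and the hat operation, decides the four constraints from SAS's supplied for their two sides, computes the SAS that rules 13 and 14 give for $fails(e)$ from an SAS for e, and checks Proposition 1 a) and b) exhaustively over a constructed list of sample terms. The SAS's used for the two constraints of Example 5 ($z \not\bowtie s(s(\bot))$ and $mb(z, [\,]) \not\bowtie t$) are written in by hand rather than derived by rules 1 to 8.

```python
# Added example (not part of the paper): Definition 1, the ordering ⊑, the hat
# operation and the side conditions of rules 9-14 of CRWLF, over a term
# representation chosen here:
#   "⊥" / "F"          the bottom and failure constants
#   "X", "Y", ...      variables (any other string)
#   ("s", arg, ...)    a constructor application c(t1, ..., tn); ("z",) is a constant
from itertools import product

BOT, FAIL = "⊥", "F"

def is_var(t):
    return isinstance(t, str) and t not in (BOT, FAIL)

def is_app(t):
    return isinstance(t, tuple)

def total(t):
    """t ∈ CTerm: no occurrence of ⊥ or F anywhere in t."""
    if t in (BOT, FAIL):
        return False
    return is_var(t) or all(total(a) for a in t[1:])

def contains_fail(t):
    return t == FAIL or (is_app(t) and any(contains_fail(a) for a in t[1:]))

def clash(t, u):
    """DC-clash: different constructors at some common position (⊥ and F never clash)."""
    if is_app(t) and is_app(u):
        if t[0] != u[0] or len(t) != len(u):
            return True
        return any(clash(a, b) for a, b in zip(t[1:], u[1:]))
    return False

def hat(t):
    """ê: replace every occurrence of F by ⊥."""
    if t == FAIL:
        return BOT
    return (t[0],) + tuple(hat(a) for a in t[1:]) if is_app(t) else t

def leq(t, u):
    """Approximation ordering t ⊑ u: ⊥ is least; F and variables are maximal."""
    if t == BOT:
        return True
    if is_var(t) or t == FAIL:
        return t == u
    return is_app(u) and t[0] == u[0] and len(t) == len(u) and all(leq(a, b) for a, b in zip(t[1:], u[1:]))

# Definition 1
def down(t, u):   # t ↓ t': strict equality, only between total c-terms
    return t == u and total(t)

def up(t, u):     # t ↑ t': the terms have a DC-clash
    return clash(t, u)

def ddown(t, u):  # t ⇓ t' ('↓ fails'): F somewhere, or a DC-clash
    return contains_fail(t) or contains_fail(u) or clash(t, u)

def uup(t, u):    # t ⇑ t' ('↑ fails'): least symmetric relation closed under i)-iii)
    if t == FAIL or u == FAIL:                      # ii) F ⇑ t, and its symmetric
        return True
    if is_var(t) or is_var(u):                      # i) X ⇑ X, and nothing else for a variable
        return t == u
    if is_app(t) and is_app(u):                     # iii) c(t1..tn) ⇑ c(t1'..tn')
        return t[0] == u[0] and len(t) == len(u) and all(uup(a, b) for a, b in zip(t[1:], u[1:]))
    return False                                    # ⊥ is related only to F

# Rules 9-12: decide a constraint from SAS's C, C2 for its two sides
def join(C, C2):        return any(down(t, u) for t in C for u in C2)   # e ⋈ e'
def diseq(C, C2):       return any(up(t, u) for t in C for u in C2)     # e <> e'
def join_fails(C, C2):  return all(ddown(t, u) for t in C for u in C2)  # e ⋈̸ e'
def diseq_fails(C, C2): return all(uup(t, u) for t in C for u in C2)    # e ≮> e'

def fails_sas(C):
    """Rules 13/14: the SAS for fails(e) obtainable from an SAS C for e."""
    if C == {FAIL}:                                  # rule 13
        return {("true",)}
    if any(t not in (BOT, FAIL) for t in C):         # rule 14
        return {("false",)}
    return {BOT}                                     # {⊥} or {⊥, F}: only rule 1 applies

def proposition1_holds(terms):
    """Exhaustively check Proposition 1 a) and b) over a finite list of c-terms."""
    rels = (down, up, ddown, uup)
    for t, u in product(terms, repeat=2):
        if down(t, u) != down(hat(t), hat(u)) or up(t, u) != up(hat(t), hat(u)):
            return False                                             # a) i)
        if (up(t, u) and not ddown(t, u)) or (ddown(t, u) and down(t, u)):
            return False                                             # a) ii)
        if (down(t, u) and not uup(t, u)) or (uup(t, u) and up(t, u)):
            return False                                             # a) iii)
        for s, s2 in product(terms, repeat=2):                       # b) monotonicity
            if leq(t, s) and leq(u, s2) and any(r(t, u) and not r(s, s2) for r in rels):
                return False
    return True

# Constructed sample terms: z, s(z), s(⊥), s(s(⊥)), s(F), F, ⊥, X, s(X)
Z, SZ, SB, SSB, SF = ("z",), ("s", ("z",)), ("s", BOT), ("s", ("s", BOT)), ("s", FAIL)
SAMPLE = [Z, SZ, SB, SSB, SF, FAIL, BOT, "X", ("s", "X")]

if __name__ == "__main__":
    print(join_fails({Z}, {SSB}))            # z ⋈̸ s(s(⊥)) from Example 5, SAS's {z} and {s(s(⊥))}
    print(join_fails({FAIL}, {("t",)}))     # mb(z,[]) ⋈̸ t, SAS's {F} and {t}
    print(proposition1_holds(SAMPLE))
```

Both constraint checks of Example 5 come out true, and the exhaustive check confirms parts a) and b) of Proposition 1 on the sample terms; note that $\bot \Uparrow \bot$ is false, as the inductive definition requires, so a pair of SAS's both containing $\bot$ never satisfies rule 12.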

The next example shows a derivation of failure using the CRWLF-calculus.

Example 5

Let us consider a program $\mathcal{P}$ with the constructors z, s for natural numbers, [ ] and ':' for lists (although we use Prolog-like notation for them, that is, $[z, s(z) \mid L]$ represents the list $(z : (s(z) : L))$) and also the constructors t, f that represent the boolean values true and false. Assume the functions coin and h defined in Sect. 3.2 and Sect. 4.1 respectively and also the function mb (member) defined as:

$mb(X, [Y \mid Ys]) \to t \Leftarrow X \bowtie Y$

$mb(X, [Y \mid Ys]) \to t \Leftarrow mb(X, Ys) \bowtie t$

If we try to evaluate the expression $mb(coin, [s(h)])$ it will fail. Intuitively, from the definition of h the list in the second argument can be reduced to lists of the form $[s(s(\ldots))]$ and the possible values of coin, z and $s(z)$, do not belong to those lists. The CRWLF-calculus allows us to build a proof for this fact, that is, $mb(coin, [s(h)]) \lhd \{\mathsf{F}\}$, in the following way: by application of rule 4 the proof could proceed by generating SAS's for the arguments

$coin \lhd \{z, s(z)\}$ ($\varphi_1$)    $[s(h)] \lhd \{[s(s(\bot))]\}$ ($\varphi_2$)

and then collecting the contributions of the rules of mb for each possible combination of values for the arguments; for the pair $(z, [s(s(\bot))])$ the contribution of the rules defining mb (here we write $\lhd_1$ to refer to the first rule of mb and $\lhd_2$ for the second) will be

$mb(z, [s(s(\bot))]) \lhd_1 \{\mathsf{F}\}$ ($\varphi_3$)    $mb(z, [s(s(\bot))]) \lhd_2 \{\mathsf{F}\}$ ($\varphi_4$)

and for the pair $(s(z), [s(s(\bot))])$ we will have

$mb(s(z), [s(s(\bot))]) \lhd_1 \{\mathsf{F}\}$ ($\varphi_5$)    $mb(s(z), [s(s(\bot))]) \lhd_2 \{\mathsf{F}\}$ ($\varphi_6$)

The full derivation takes the form:

$\dfrac{\varphi_1 \quad \varphi_2 \quad \varphi_3 \quad \varphi_4 \quad \varphi_5 \quad \varphi_6}{mb(coin, [s(h)]) \lhd \{\mathsf{F}\}}$ (rule 4)

The SAS $\{\mathsf{F}\}$ in the conclusion comes from the union of all the contributing SAS's of $\varphi_3$, $\varphi_4$, $\varphi_5$ and $\varphi_6$. The statements $\varphi_1$ to $\varphi_6$ require of course their own proof, which we describe now. At each step, we indicate by a number the rule of the calculus applied in each case.

The derivation for $\varphi_1$ is not difficult to build, and for $\varphi_2$ it is:
(a) $z \lhd \{\bot\}$   by rule 1

(b) $s(z) \lhd \{s(\bot)\}$   by rule 3 from (a)

(c) $h \lhd_1 \{s(\bot)\}$   by rule 6 from (b), with the first rule of h

(d) $h \lhd \{\bot\}$   by rule 1

(e) $s(h) \lhd \{s(\bot)\}$   by rule 3 from (d)

(f) $h \lhd_2 \{s(\bot)\}$   by rule 6 from (e), with the second rule of h

(g) $h \lhd \{s(\bot)\}$   by rule 4 from (c) and (f)

(h) $s(h) \lhd \{s(s(\bot))\}$   by rule 3 from (g)

(i) $[\,] \lhd \{[\,]\}$   by rule 3

(j) $\varphi_2 = [s(h)] \lhd \{[s(s(\bot))]\}$   by rule 3 from (h) and (i)

For $\varphi_3$ it can be done as follows:

(a) $\bot \lhd \{\bot\}$   by rule 1

(b) $s(\bot) \lhd \{s(\bot)\}$   by rule 3 from (a)

(c) $s(s(\bot)) \lhd \{s(s(\bot))\}$   by rule 3 from (b)

(d) $z \lhd \{z\}$   by rule 3

(e) $z \not\bowtie s(s(\bot))$   by rule 11 from (d) and (c)

(f) $\varphi_3 = mb(z, [s(s(\bot))]) \lhd_1 \{\mathsf{F}\}$   by rule 7 from (e)

Here, the failure is due to a failure in the constraint $z \bowtie s(s(\bot))$ of the used program rule, which requires proving the complementary constraint $z \not\bowtie s(s(\bot))$ by rule (11). In this case there is a clear clash of constructors (z and s).

For $\varphi_4$ a derivation might be this one:

(a) $z \lhd \{z\}$   by rule 3

(b) $[\,] \lhd \{[\,]\}$   by rule 3

(c) $mb(z, [\,]) \lhd_1 \{\mathsf{F}\}$   by rule 8

(d) $mb(z, [\,]) \lhd_2 \{\mathsf{F}\}$   by rule 8

(e) $mb(z, [\,]) \lhd \{\mathsf{F}\}$   by rule 4 from (a), (b), (c) and (d)

(f) $t \lhd \{t\}$   by rule 3

(g) $mb(z, [\,]) \not\bowtie t$   by rule 11 from (e) and (f)

(h) $\varphi_4 = mb(z, [s(s(\bot))]) \lhd_2 \{\mathsf{F}\}$   by rule 7 from (g)

The failure is due again to a failure in the constraint of the rule, and in this case the complementary constraint is $mb(z, [\,]) \not\bowtie t$. Now the failure of the expression $mb(z, [\,])$ is involved, which is proved by rule (4) of the calculus. The SAS's for the arguments only produce the combination $(z, [\,])$ and both rules of mb fail over it by rule (8) of the calculus.

The derivations for $\varphi_5$ and $\varphi_6$ are quite similar to those of $\varphi_3$ and $\varphi_4$ respectively. All the contributions obtained from $\varphi_3$, $\varphi_4$, $\varphi_5$ and $\varphi_6$ are $\{\mathsf{F}\}$, and putting them together we obtain $\{\mathsf{F}\}$ as an SAS for the original expression $mb(coin, [s(h)])$, as was expected.
5 Properties of CRWLF

In this section we explore some technical properties of the CRWLF-calculus which are the key for proving the results of the next section, where we relate the CRWLF-calculus to the CRWL-calculus. In the following we assume a fixed program $\mathcal{P}$.

The non-determinism of the CRWLF-calculus allows us to obtain different SAS's for the same expression. As an SAS for an expression is a finite approximation to the denotation of the expression, some kind of consistency between SAS's for the same expression is to be expected. Given two of them, we cannot ensure that one SAS must be more defined than the other in the sense that all the elements of the first are more defined than all of the second. For instance, two SAS's for coin are $\{\bot, s(z)\}$ and $\{z, \bot\}$. The kind of consistency for SAS's that we can expect is the following:

Definition 2 (Consistent Sets of c-terms)

Two sets $C, C' \subseteq CTerm_{\bot,\mathsf{F}}$ are consistent iff for all $t \in C$ there exists $t' \in C'$ (and vice versa, for all $t' \in C'$ there exists $t \in C$) such that t and t' are consistent.

Our first result states that two different SAS's for the same expression must be consistent.

Theorem 1 (Consistency of SAS)

Given $e \in Term_{\bot,\mathsf{F}}$, if $\mathcal{P} \vdash_{CRWLF} e \lhd C$ and $\mathcal{P} \vdash_{CRWLF} e \lhd C'$, then C and C' are consistent.

This result is a trivial corollary of part a) of the following lemma.

Lemma 1 (Consistency)

For any $e, e', e_1, e_2, e'_1, e'_2 \in Term_{\bot,\mathsf{F}}$

a) If e, e' are consistent, $\mathcal{P} \vdash_{CRWLF} e \lhd C$ and $\mathcal{P} \vdash_{CRWLF} e' \lhd C'$, then C and C' are consistent.

b) If $e_1, e'_1$ are consistent and $e_2, e'_2$ are also consistent, then: $\mathcal{P} \vdash_{CRWLF} e_1 \Diamond e_2 \Rightarrow \mathcal{P} \nvdash_{CRWLF} e'_1 \not\Diamond e'_2$

Proof

For proving the consistency lemma we will split b) into b.1), b.2) and also strengthen the lemma with a new part c):

b) If $e_1, e'_1$ are consistent and $e_2, e'_2$ are also consistent, then:

b.1) $\mathcal{P} \vdash_{CRWLF} e_1 \bowtie e_2 \Rightarrow \mathcal{P} \nvdash_{CRWLF} e'_1 \not\bowtie e'_2$

b.2) $\mathcal{P} \vdash_{CRWLF} e_1 <> e_2 \Rightarrow \mathcal{P} \nvdash_{CRWLF} e'_1 \not<> e'_2$

c) Given $\bar{t}, \bar{t}' \in CTerm_{\bot,\mathsf{F}} \times \ldots \times CTerm_{\bot,\mathsf{F}}$ pairwise consistent and $R \in \mathcal{P}_f$, if $\mathcal{P} \vdash_{CRWLF} f(\bar{t}) \lhd_R C$, $f(\bar{t}') \lhd_R C'$, then C and C' are consistent.

Now we will prove a), b) and c) simultaneously by induction on the size l of the derivation for $e \lhd C$ in a), $e_1 \bowtie e_2$ in b.1), $e_1 <> e_2$ in b.2) and $f(\bar{t}) \lhd_R C$ in c).

l = 1:



a) The possible derivations in one step are:

• $e \lhd \{\bot\}$. This SAS is consistent with any other;

• $X \lhd \{X\}$. Then either $e' = X$ or $e' = \bot$, so the possibilities for C' are $\{X\}$ or $\{\bot\}$, both consistent with $\{X\}$;

• $c \lhd \{c\}$, where $c \in DC \cup \{\mathsf{F}\}$. In this case e' must be c or $\bot$, whose possible SAS's are $\{c\}$ and $\{\bot\}$, which are consistent with $\{c\}$.

b) There is no derivation of the form $e \bowtie e'$ or $e <> e'$ in one step.

c) The possible derivations of the form $f(\bar{t}) \lhd_R C$ are:

• $f(\bar{t}) \lhd_R \{\bot\}$. This SAS is consistent with any other;

• $f(\bar{t}) \lhd_R \{\mathsf{F}\}$ by means of rule 8, i.e., there exists some $R = (f(\bar{s}) \to e \Leftarrow \bar{C}) \in \mathcal{P}_f$ and some i such that $t_i$ and $s_i$ have a $DC \cup \{\mathsf{F}\}$-clash at some position p. The SAS C' for $f(\bar{t}')$ using the function rule R must be obtained by one of the rules 5 to 8:

– if rule 5 is used then $C' = \{\bot\}$, which is consistent with C;

– rule 6 is not applicable: $t_i$ and $t'_i$ are consistent because $\bar{t}$ and $\bar{t}'$ are pairwise consistent; then either $t'_i$ at position p has the same constructor symbol as $t_i$ (and then the clash with $s_i$ remains), or $t'_i$ at p or some of its ancestor positions has $\bot$. In both cases it is clear that there is not any c-instance of R for using rule 6;

– by rules 7 or 8 the SAS is $\{\mathsf{F}\}$, which is consistent with the initial one $\{\mathsf{F}\}$.

l ⇒ l + 1:

a) In l + 1 steps the possible derivations for $e \lhd C$ are:

• $\dfrac{e_1 \lhd C_1 \;\ldots\; e_n \lhd C_n}{e = c(e_1, \ldots, e_n) \lhd \{c(t_1, \ldots, t_n) \mid \bar{t} \in C_1 \times \ldots \times C_n\}}$ by rule 3, where $c \in DC^n$ ($n > 0$). Then either $e' = \bot$, whose only possible SAS is $\{\bot\}$, which is consistent with any other, or $e' = c(e'_1, \ldots, e'_n)$ with $e_i$ and $e'_i$ being consistent for $i \in \{1, \ldots, n\}$, and the SAS is produced by rule 3:

$\dfrac{e'_1 \lhd C'_1 \;\ldots\; e'_n \lhd C'_n}{e' = c(e'_1, \ldots, e'_n) \lhd \{c(t'_1, \ldots, t'_n) \mid \bar{t}' \in C'_1 \times \ldots \times C'_n\}}$

By i.h. $C'_i$ is consistent with $C_i$ for all $i \in \{1, \ldots, n\}$ and then it is clear that C and C' are also consistent.

• $\dfrac{e_1 \lhd C_1 \;\ldots\; e_n \lhd C_n \quad f(\bar{t}) \lhd_R C_{R,\bar{t}} \;\ldots}{e = f(e_1, \ldots, e_n) \lhd \bigcup_{R \in \mathcal{P}_f,\; \bar{t} \in C_1 \times \ldots \times C_n} C_{R,\bar{t}}}$ by rule 4. Then either $e' = \bot$, whose only possible SAS is $\{\bot\}$, which is consistent with any other, or $e' = f(e'_1, \ldots, e'_n)$ with $e_i, e'_i$ consistent for all $i \in \{1, \ldots, n\}$. If the SAS for e' is generated by rule 1 of the calculus, the result is clear, and for rule 4 we have

$\dfrac{e'_1 \lhd C'_1 \;\ldots\; e'_n \lhd C'_n \quad f(\bar{t}') \lhd_R C'_{R,\bar{t}'} \;\ldots}{e' = f(e'_1, \ldots, e'_n) \lhd \bigcup_{R \in \mathcal{P}_f,\; \bar{t}' \in C'_1 \times \ldots \times C'_n} C'_{R,\bar{t}'}}$

By i.h. $C_i$ and $C'_i$ are consistent for all $i \in \{1, \ldots, n\}$, which means that for each $\bar{t} \in C_1 \times \ldots \times C_n$ there exists $\bar{t}' \in C'_1 \times \ldots \times C'_n$ consistent with $\bar{t}$. Again by i.h. we have that each SAS $C_{R,\bar{t}}$ is consistent with $C'_{R,\bar{t}'}$, and it can be easily proved that $C = \bigcup_{R \in \mathcal{P}_f,\; \bar{t} \in C_1 \times \ldots \times C_n} C_{R,\bar{t}}$ is then consistent with $C' = \bigcup_{R \in \mathcal{P}_f,\; \bar{t}' \in C'_1 \times \ldots \times C'_n} C'_{R,\bar{t}'}$.

• $\dfrac{e_1 \lhd \{\mathsf{F}\}}{e = fails(e_1) \lhd \{true\}}$ by rule 13. If $e' = \bot$ the result is clear, else $e' = fails(e'_1)$. Then the SAS for e' requires obtaining an SAS C' for $e'_1$. By i.h., C' must be consistent with $\{\mathsf{F}\}$, which means that $C' = \{\mathsf{F}\}$ or $C' = \{\bot\}$. Then, the possible SAS's for e' are $\{\bot\}$ and $\{true\}$ (by the same rule 13), both consistent with $\{true\}$.

• $\dfrac{e_1 \lhd C_1}{e = fails(e_1) \lhd \{false\}}$ by rule 14, such that there exists $t \in C_1$ with $t \neq \bot$, $t \neq \mathsf{F}$. If $e' = \bot$ the result is clear. Otherwise, if $e' = fails(e'_1)$, the SAS for e' must be obtained by one of the rules 1, 13 or 14. By rule 1 it would be $\{\bot\}$, consistent with any other one; rule 13 would need to obtain the SAS $\{\mathsf{F}\}$ for $e'_1$, but this is not possible because it must be consistent with $C_1$ by i.h., so rule 13 is not applicable; and rule 14 would provide the SAS $\{false\}$ for e', consistent with itself.
b.1) If we have a derivation for $e_1 \bowtie e_2$ by rule 9, there exist two SAS's $C_{e_1}$ and $C_{e_2}$ such that $e_1 \lhd C_{e_1}$, $e_2 \lhd C_{e_2}$ and there exist $t \in C_{e_1}$, $t' \in C_{e_2}$ with $t \downarrow t'$.

Now, let $e'_1, e'_2$ be consistent with $e_1, e_2$ respectively, and assume that $e'_1 \not\bowtie e'_2$ can be proved. We reason by contradiction. Since $e'_1 \not\bowtie e'_2$ is provable, we can prove $e'_1 \lhd C_{e'_1}$, $e'_2 \lhd C_{e'_2}$ such that for all $s \in C_{e'_1}$, $s' \in C_{e'_2}$ it will be $s \Downarrow s'$.

By i.h. $C_{e_1}$ is consistent with $C_{e'_1}$, which implies that there exists $u \in C_{e'_1}$ consistent with t, and then there exists v such that $v \sqsupseteq u$, $v \sqsupseteq t$. In a similar way, there exists $u' \in C_{e'_2}$ consistent with t', so there exists v' such that $v' \sqsupseteq u'$, $v' \sqsupseteq t'$.

As $u \in C_{e'_1}$ and $u' \in C_{e'_2}$ we would have $u \Downarrow u'$; by monotonicity of $\Downarrow$ we have $v \Downarrow v'$, which implies $\neg(v \downarrow v')$. But monotonicity of $\downarrow$, together with $t \downarrow t'$, $v \sqsupseteq t$, $v' \sqsupseteq t'$, implies $v \downarrow v'$, which is a contradiction.

b.2) The case of $e_1 <> e_2$ proceeds similarly to b.1), using in this case monotonicity of $\uparrow$ and $\Uparrow$.

c) In l + 1 steps the possible derivations for $f(\bar{t}) \lhd_R C$, where $R = (f(\bar{s}) \to e \Leftarrow \bar{C})$, are:

• $\dfrac{\bar{C}\theta \quad e\theta \lhd C}{f(\bar{t}) \lhd_R C}$ by rule 6, using the c-instance $R\theta$ ($\theta \in CSubst_{\bot,\mathsf{F}}$), such that $\bar{t} = \bar{s}\theta$. The derivation $f(\bar{t}') \lhd_R C'$ must be done by one of the rules 5 to 8:

– if $f(\bar{t}') \lhd_R \{\bot\}$ by rule 5, it is clear that this SAS is consistent with C;

– if the derivation is done by rule 6, it will have the form $\dfrac{\bar{C}\theta' \quad e\theta' \lhd C'}{f(\bar{t}') \lhd_R C'}$ using a c-instance $R\theta'$ of R. In particular, we have $\bar{t}' = \bar{s}\theta'$ and we also had $\bar{t} = \bar{s}\theta$. As $\bar{t}$ and $\bar{t}'$ are pairwise consistent, and $var(e) \subseteq var(\bar{s})$, it is not difficult to see that $e\theta$ and $e\theta'$ must be consistent. Then by i.h. (part a)) we deduce that C and C' are consistent SAS's.

– rule 7 is not applicable: suppose that we have a derivation of $f(\bar{t}') \lhd_R \{\mathsf{F}\}$ by rule 7 whose premise is the complementary of a constraint $C_i\theta'$ of $\bar{C}\theta'$, using a c-instance $R\theta'$ of R. Analogously to the previous case, we have that both members of $C_i\theta'$ are consistent with the corresponding ones of $C_i\theta$; as $C_i\theta$ is provable then by i.h. (part b)) the complementary of $C_i\theta'$ is not provable, which means that rule 7 cannot be applied.

– rule 8 is not applicable: there cannot be a pair $t'_i$ and $s_i$ with a $DC \cup \{\mathsf{F}\}$-clash because then the corresponding pair $t_i$ and $s_i\theta = t_i$ would have the same clash (the substitution cannot make the clash disappear).

• $f(\bar{t}) \lhd_R \{\mathsf{F}\}$ by rule 7, whose premise is the complementary of a constraint $C_i\theta$, being $R\theta$ a c-instance of the rule R such that $\bar{t} = \bar{s}\theta$. The derivation $f(\bar{t}') \lhd_R C'$ can be done by one of the rules 5 to 8:

– by rule 5, the SAS is $\{\bot\}$, which is consistent with any other;

– it is not possible to use rule 6 because we would need to prove a constraint $C_i\theta'$ of a c-instance $R\theta'$ of R. As $\bar{s}\theta = \bar{t}$ and $\bar{s}\theta' = \bar{t}'$ are pairwise consistent and $var(C_i) \subseteq var(\bar{s})$, both members of $C_i\theta$ and $C_i\theta'$ will also be consistent. Then by i.h. (part b)), as the complementary of $C_i\theta$ is provable, $C_i\theta'$ will not be provable.

– if 7 or 8 applies we will have $C' = \{\mathsf{F}\}$, which is consistent with $C = \{\mathsf{F}\}$ (in fact, 8 would not be applicable). □

As a trivial consequence of part b) we have:

Corollary 1

$\mathcal{P} \vdash_{CRWLF} e \Diamond e' \Rightarrow \mathcal{P} \nvdash_{CRWLF} e \not\Diamond e'$, for all $e, e' \in Term_{\bot,\mathsf{F}}$

This indeed justifies our description of $\not\bowtie$ and $\not<>$ as computable approximations to the negations of $\bowtie$ and $<>$.

Another desirable property of our calculus is monotonicity, which we can informally understand in this way: the information that can be extracted from an expression cannot decrease when we add information to the expression itself. This applies also to constraints: if we can prove a constraint and we consider more defined terms on both sides of it, the resulting constraint must also be provable. Formally:

Proposition 2 (Monotonicity of CRWLF)

For $e, e', e_1, e_2, e'_1, e'_2 \in Term_{\bot,F}$:

a) If $e \sqsubseteq e'$ and $\mathcal{P} \vdash_{CRWLF} e \lhd C$, then $\mathcal{P} \vdash_{CRWLF} e' \lhd C$

b) If $e_1 \sqsubseteq e'_1$, $e_2 \sqsubseteq e'_2$ and $\mathcal{P} \vdash_{CRWLF} e_1 \,\natural\, e_2$, then $\mathcal{P} \vdash_{CRWLF} e'_1 \,\natural\, e'_2$, where $\natural \in \{\bowtie, \not\bowtie, \Diamond, \not\Diamond\}$
Proof

Again we need to strengthen the result with a new part c):

c) Given $\bar t, \bar t' \in CTerm_{\bot,F} \times \ldots \times CTerm_{\bot,F}$ such that $t_i \sqsubseteq t'_i$ for all $i \in \{1, \ldots, n\}$ and $R \in \mathcal{P}_f$, if $f(\bar t) \lhd_R C$ then $f(\bar t') \lhd_R C$.

We will prove parts a), b) and c) simultaneously by induction on the size $l$ of the derivation for $e \lhd C$ in a), $e_1 \,\natural\, e_2$ in b) and $f(\bar t) \lhd_R C$ in c):
$l = 1$:

a) The derivation of $e \lhd C$ in one step can be:

• $e \lhd \{\bot\}$, and it is clear that also $e' \lhd \{\bot\}$

• $X \lhd \{X\}$: then $e = e' = X$

• $c \lhd \{c\}$, $c \in DC^0$: then $e = e' = c$

b) For $e_1 \,\natural\, e_2$ there are no possible derivations in one step.

c) For $f(\bar t) \lhd_R C$ the derivations can be:

• $f(\bar t) \lhd_R \{\bot\}$, using rule 5. Then for all $\bar t'$ we have $f(\bar t') \lhd_R \{\bot\}$

• $f(\bar t) \lhd_R \{\mathrm{F}\}$, using rule 8. Then $R = (f(\bar s) \to e \Leftarrow \bar C)$ and $\bar t$ and $\bar s$ have a $DC$-clash at some position. If $\bar t \sqsubseteq \bar t'$ then $\bar t'$ and $\bar s$ have the same clash, and rule 8 allows to prove also $f(\bar t') \lhd_R \{\mathrm{F}\}$.

$l \Rightarrow l+1$:

a) We distinguish three cases for the derivation of $e \lhd C$:

• $e = c(e_1, \ldots, e_n)$. Then the derivation of $e \lhd C$ must use rule 3 and take the form:
$$\frac{e_1 \lhd C_1 \quad \ldots \quad e_n \lhd C_n}{c(e_1, \ldots, e_n) \lhd \{c(t_1, \ldots, t_n) \mid \bar t \in C_1 \times \ldots \times C_n\}}$$
Since $e \sqsubseteq e'$, $e'$ must take the form $e' = c(e'_1, \ldots, e'_n)$ with $e_1 \sqsubseteq e'_1, \ldots, e_n \sqsubseteq e'_n$. By i.h. we have $e'_1 \lhd C_1, \ldots, e'_n \lhd C_n$ and with the same rule 3 we can build a derivation for $c(\bar e') \lhd C$.

• $e = f(e_1, \ldots, e_n)$. Then the derivation of $e \lhd C$ must use rule 4 and take the form:
$$\frac{e_1 \lhd C_1 \quad \ldots \quad e_n \lhd C_n \quad f(\bar t) \lhd_R C_{R,\bar t}}{f(e_1, \ldots, e_n) \lhd \bigcup_{R \in \mathcal{P}_f,\ \bar t \in C_1 \times \ldots \times C_n} C_{R,\bar t}}$$
$e'$ must take the form $e' = f(e'_1, \ldots, e'_n)$ with $e_i \sqsubseteq e'_i$. By i.h. we will have $e'_1 \lhd C_1, \ldots, e'_n \lhd C_n$, and then we have the same tuples $\bar t$, the same SAS's $C_{R,\bar t}$ and finally the same SAS for $f(\bar e')$.

• $e = fails(e_1)$. Then $e' = fails(e'_1)$. The derivation $e \lhd C$ must be done by one of the rules 13 or 14, which require obtaining an SAS for $e_1$. By i.h. if $e_1 \lhd C_1$ then $e'_1 \lhd C_1$, and then the same rule (and only that one) is applicable to obtain the same SAS for $e'$, which will be $\{true\}$ if rule 13 is applicable or $\{false\}$ if rule 14 is applied.

b) The derivation $e_1 \,\natural\, e_2$ with $\natural \in \{\bowtie, \not\bowtie, \Diamond, \not\Diamond\}$ will be done by generating the SAS's $e_1 \lhd C_1$ and $e_2 \lhd C_2$. By i.h. we have $e'_1 \lhd C_1$, $e'_2 \lhd C_2$, and then it is clear that $e'_1 \,\natural\, e'_2$ is also provable.
c) We distinguish the following cases according to the rule used for the derivation of $f(\bar t) \lhd_R C$:

• By rule 6 the derivation would be:
$$\frac{e\theta \lhd C \quad \bar C\theta}{f(t_1, \ldots, t_n) \lhd_R C}$$
where the rule $R$ is $R = (f(s_1, \ldots, s_n) \to e \Leftarrow \bar C)$ and $\theta \in CSubst_{\bot,F}$ is such that $\bar s\theta = \bar t$. We will show that the same rule 6 is applicable for generating an SAS for $f(\bar t')$, being $t_i \sqsubseteq t'_i$ for all $i \in \{1, \ldots, n\}$. The idea is that if $t_i \sqsubseteq t'_i$ then $t'_i$ is the result of replacing some subterms $\bot$ of $t_i$ by c-terms more defined than $\bot$. As $s_i \in CTerm$, the corresponding positions or some ancestors of them must have variables in $s_i$. Then we can get a substitution $\theta' \in CSubst_{\bot,F}$ such that $\theta \sqsubseteq \theta'$ and $s_i\theta' = t'_i$. A formal justification of this fact may be done by induction on the syntactic structure of $t_i$ and, as $\bar s$ is a linear tuple, the result can be extended in such a way that $\bar s\theta' = \bar t'$.

We also have that $e\theta \sqsubseteq e\theta'$, so by i.h. we have $e\theta' \lhd C$. As the constraints $\bar C\theta$ are provable and $\theta \sqsubseteq \theta'$, then by i.h. b) the constraints $\bar C\theta'$ will also be provable. So we can build a derivation for $f(\bar t') \lhd_R C$ by rule 6.

• By rule 7 the derivation would conclude $f(\bar t) \lhd_R \{\mathrm{F}\}$, where the rule $R$ is $R = (f(\bar s) \to e \Leftarrow C_1, \ldots, C_n)$, $i \in \{1, \ldots, n\}$ and $\theta \in CSubst_{\bot,F}$ is such that $\bar s\theta = \bar t$. As $\bar t \sqsubseteq \bar t'$, in a similar way as before there exists $\theta'$ such that $\bar s\theta' = \bar t'$, and by i.h. we can prove $C_i\theta'$, which implies that we can build the derivation for $f(\bar t') \lhd_R \{\mathrm{F}\}$ using rule 7. □

Remark: Monotonicity, as stated in Prop. 2, refers to the degree of evaluation of expressions and does not contradict the well known fact that negation as failure is a non-monotonic reasoning rule. In our setting it is also clearly true that, if we 'define more' the functions (i.e., we refine the program by adding new rules to it), an expression can become reducible when it previously failed.

The next property says that what is true for free variables is also true for any possible (totally defined) value, i.e., provability in CRWLF is closed under total substitutions.

Proposition 3

For any $\theta \in CSubst$ and $e, e' \in Term_{\bot,F}$:

a) $\mathcal{P} \vdash_{CRWLF} e \lhd C \Rightarrow \mathcal{P} \vdash_{CRWLF} e\theta \lhd C\theta$

b) $\mathcal{P} \vdash_{CRWLF} e \,\natural\, e' \Rightarrow \mathcal{P} \vdash_{CRWLF} e\theta \,\natural\, e'\theta$, where $\natural \in \{\bowtie, \not\bowtie, \Diamond, \not\Diamond\}$

Proof

Again we need to strengthen the result, with a new part c):

c) $f(\bar t) \lhd_R C \Rightarrow f(\bar t)\theta \lhd_R C\theta$, for any $\bar t \in CTerm_{\bot,F} \times \ldots \times CTerm_{\bot,F}$

We prove simultaneously the three parts by induction on the size $l$ of the derivations.
$l = 1$: in one step we can have the derivations $e \lhd \{\bot\}$, $c \lhd \{c\}$ ($c \in DC \cup \{\mathrm{F}\}$) and $X \lhd \{X\}$. The property is obvious for the first two, and the third follows from the fact that if $t \in CTerm_{\bot,F}$ then $t \lhd \{t\}$ is provable (this can be proved by induction on the depth of the term $t$). Notice that $X\theta \in CTerm \subseteq CTerm_{\bot,F}$, so $X\theta \lhd \{X\theta\}$.

$l \Rightarrow l+1$: now we can have the following derivations:

• by rule 3 we have
$$\frac{e_1 \lhd C_1 \quad \ldots \quad e_n \lhd C_n}{c(e_1, \ldots, e_n) \lhd \{c(t_1, \ldots, t_n) \mid \bar t \in C_1 \times \ldots \times C_n\}}$$
By i.h. we have $e_i\theta \lhd C_i\theta$ for all $i \in \{1, \ldots, n\}$, and again by rule 3 we can build a derivation for
$$c(\bar e)\theta \lhd \{c(t_1, \ldots, t_n)\theta \mid \bar t\theta \in C_1\theta \times \ldots \times C_n\theta\}$$

• by rule 4 we have
$$\frac{e_1 \lhd C_1 \quad \ldots \quad e_n \lhd C_n \quad \ldots \quad f(\bar t) \lhd_R C_{R,\bar t} \quad \ldots}{f(e_1, \ldots, e_n) \lhd \bigcup_{R \in \mathcal{P}_f,\ \bar t \in C_1 \times \ldots \times C_n} C_{R,\bar t}}$$
By i.h. we have $e_i\theta \lhd C_i\theta$ for all $i \in \{1, \ldots, n\}$ and $f(\bar t)\theta \lhd_R C_{R,\bar t}\theta$ for each $\bar t\theta \in C_1\theta \times \ldots \times C_n\theta$ and each rule $R \in \mathcal{P}_f$. So we can get a derivation for $f(\bar e)\theta \lhd \bigcup_{R \in \mathcal{P}_f,\ \bar t\theta \in C_1\theta \times \ldots \times C_n\theta} C_{R,\bar t\theta}$.

• by rule 5 we have $f(\bar t) \lhd_R \{\bot\}$, and it is clear that $f(\bar t)\theta \lhd_R \{\bot\}$

• by rule 6 we have
$$\frac{e\theta' \lhd C \quad \bar C\theta'}{f(\bar t) \lhd_R C}$$
where $R = (f(\bar s) \to e \Leftarrow \bar C)$ and $\theta' \in CSubst_{\bot,F}$ is such that $f(\bar t) = f(\bar s)\theta'$. For the call $f(\bar t)\theta$ we can get the appropriate c-instance by composing $\theta'$ and $\theta$, so $f(\bar t)\theta = f(\bar s)\theta'\theta$. By i.h. we have $e\theta'\theta \lhd C\theta$ and $\bar C\theta'\theta$, and then $f(\bar t)\theta \lhd_R C\theta$ by the same rule 6.

• by rule 7 we have
$$\frac{e_i\theta' \,\natural\, e'_i\theta'}{f(\bar t) \lhd_R \{\mathrm{F}\}}$$
where $R = (f(\bar s) \to e \Leftarrow \bar C)$ and $\theta' \in CSubst_{\bot,F}$ is such that $f(\bar t) = f(\bar s)\theta'$. As before, for the call $f(\bar t)\theta$ we can get the appropriate c-instance by composing $\theta'$ and $\theta$, so $f(\bar t)\theta = f(\bar s)\theta'\theta$. By i.h. we have $e_i\theta'\theta \,\natural\, e'_i\theta'\theta$, and then $f(\bar t)\theta \lhd_R \{\mathrm{F}\}$.

• by rule 8 we have $f(t_1, \ldots, t_n) \lhd_R \{\mathrm{F}\}$, where $R = (f(s_1, \ldots, s_n) \to e \Leftarrow \bar C)$ is such that $t_i$ and $s_i$ have a $DC \cup \{\mathrm{F}\}$-clash for some $i \in \{1, \ldots, n\}$. It is clear that $t_i\theta$ and $s_i$ will have the same clash, so $f(\bar t)\theta \lhd_R \{\mathrm{F}\}$.

• by rules 9 to 12, the derivation would have the form $e \,\natural\, e'$. By i.h. we have $e\theta \lhd C\theta$ and $e'\theta \lhd C'\theta$. Now, if we take $t \in C$, $t' \in C'$ such that $t \,\natural'\, t'$ holds (where $\natural' \in \{\downarrow, \uparrow, \not\downarrow, \not\uparrow\}$), then $t\theta \,\natural'\, t'\theta$ also holds, by Prop. 1. It follows that $e\theta \,\natural\, e'\theta$.

• by rule 13 (or rule 14), it must be $e = fails(e_1)$. This rule requires obtaining an SAS for $e_1$, say $e_1 \lhd C_1$. Then by i.h. $e_1\theta \lhd C_1\theta$, and it is clear that rule 13 will be applicable to derive $e\theta \lhd \{true\}$ (or $e\theta \lhd \{false\}$ by rule 14). □



6 CRWLF related to CRWL

The CRWLF-calculus has been built as an extension of CRWL for dealing with failure. Here we show that our aims have been achieved with respect to these two emphasized aspects. In order to establish the relations between both calculi we consider in this section the class of programs defined for CRWL, i.e., rules cannot use the function fails. This means that rules 13 and 14 of the CRWLF-calculus are not considered here.

First, we show that the CRWLF-calculus indeed extends CRWL. Parts a) and b) of the next result show that statements $e \lhd C$ generalize approximation statements $e \to t$ of CRWL. Parts c) and d) show that CRWLF and CRWL are able to prove exactly the same joinabilities and divergences (if $\mathrm{F}$ is ignored for the comparison).

Proposition 4

For any $e, e' \in Term_{\bot,F}$:

a) $\mathcal{P} \vdash_{CRWLF} e \lhd C \Rightarrow \forall t \in C,\ \mathcal{P} \vdash_{CRWL} e \to \hat t$

b) $\mathcal{P} \vdash_{CRWL} e \to t \Rightarrow \exists C$ such that $t \in C$ and $\mathcal{P} \vdash_{CRWLF} e \lhd C$

c) $\mathcal{P} \vdash_{CRWLF} e \bowtie e' \Leftrightarrow \mathcal{P} \vdash_{CRWL} e \bowtie e'$

d) $\mathcal{P} \vdash_{CRWLF} e \Diamond e' \Leftrightarrow \mathcal{P} \vdash_{CRWL} e \Diamond e'$

In order to prove the property we split it into two separate lemmas. The first one contains a), the right implication of c) and d), and a new part e):

Lemma 2

Let $\mathcal{P}$ be a CRWLF-program. Then:

a) $\mathcal{P} \vdash_{CRWLF} e \lhd C \Rightarrow \forall t \in C,\ \mathcal{P} \vdash_{CRWL} e \to \hat t$

c) $\mathcal{P} \vdash_{CRWLF} e \bowtie e' \Rightarrow \mathcal{P} \vdash_{CRWL} e \bowtie e'$

d) $\mathcal{P} \vdash_{CRWLF} e \Diamond e' \Rightarrow \mathcal{P} \vdash_{CRWL} e \Diamond e'$

e) Given $\bar t \in CTerm_{\bot,F} \times \ldots \times CTerm_{\bot,F}$ and $R \in \mathcal{P}_f$: $\mathcal{P} \vdash_{CRWLF} f(\bar t) \lhd_R C \Rightarrow \forall t \in C,\ \mathcal{P} \vdash_{CRWL} f(\bar t) \to \hat t$

Proof

We prove simultaneously all the parts by induction on the size $l$ of the corresponding derivation:

$l = 1$: the derivation can be:

• $\mathcal{P} \vdash_{CRWLF} e \lhd \{\bot\}$, and we have $\mathcal{P} \vdash_{CRWL} e \to \bot$

• $\mathcal{P} \vdash_{CRWLF} X \lhd \{X\}$; we have $\hat X = X$ and $\mathcal{P} \vdash_{CRWL} X \to X$

• $\mathcal{P} \vdash_{CRWLF} c \lhd \{c\}$, where $c \in DC$; we have $\hat c = c$ and $\mathcal{P} \vdash_{CRWL} c \to c$

• $\mathcal{P} \vdash_{CRWLF} \mathrm{F} \lhd \{\mathrm{F}\}$; we have $\hat{\mathrm{F}} = \bot$ and $\mathcal{P} \vdash_{CRWL} \bot \to \bot$

• $\mathcal{P} \vdash_{CRWLF} f(\bar t) \lhd_R \{\bot\}$, and we have $\mathcal{P} \vdash_{CRWL} f(\bar t) \to \bot$

• $\mathcal{P} \vdash_{CRWLF} f(\bar t) \lhd_R \{\mathrm{F}\}$, and we have $\mathcal{P} \vdash_{CRWL} f(\bar t) \to \bot$

$l \Rightarrow l+1$: the derivation can be:

• $\mathcal{P} \vdash_{CRWLF} c(e_1, \ldots, e_n) \lhd \{\ldots, c(t_1, \ldots, t_n), \ldots\}$; then by rule 3 of CRWLF it must be $\mathcal{P} \vdash_{CRWLF} e_i \lhd \{\ldots, t_i, \ldots\}$. By i.h. we have $\mathcal{P} \vdash_{CRWL} e_i \to \hat t_i$, and then we can build the derivation $\mathcal{P} \vdash_{CRWL} c(e_1, \ldots, e_n) \to c(\hat t_1, \ldots, \hat t_n)$ by rule 3 of CRWL.

• $\mathcal{P} \vdash_{CRWLF} f(e_1, \ldots, e_n) \lhd \{\ldots, t, \ldots\}$. This derivation must use rule 4 of CRWLF, and then we will have the derivations $\mathcal{P} \vdash_{CRWLF} e_i \lhd C_i$ for all $i \in \{1, \ldots, n\}$ and $f(\bar t) \lhd_R C_{R,\bar t}$. It must be $t \in C_{R,\bar t}$ for some $\bar t \in C_1 \times \ldots \times C_n$ and $R \in \mathcal{P}_f$. By i.h. we will have $\mathcal{P} \vdash_{CRWL} f(\bar e) \to \hat t$.

• $\mathcal{P} \vdash_{CRWLF} f(\bar t) \lhd_R C$ by rule 6 of CRWLF, for which we take $R = (f(\bar s) \to e \Leftarrow \bar C)$ and $\theta \in CSubst_{\bot,F}$ such that $\bar s\theta = \bar t$. We can define $\theta' \in CSubst_\bot$ as $X\theta' = \bot$ if $X\theta = \mathrm{F}$ and $X\theta' = X\theta$ otherwise. So we have $\bar s\theta' = \hat{\bar t}$, $e\theta' = \widehat{e\theta}$ and $\bar C\theta' = \widehat{\bar C\theta}$. Now we can take $(f(\bar s) \to e \Leftarrow \bar C)\theta' \in [\mathcal{P}]_\bot$. We also have $e\theta \lhd C$, and if $t \in C$ by i.h. we have $\widehat{e\theta} \to \hat t$, or what is the same, $e\theta' \to \hat t$. Also by i.h. $\bar C\theta' = \widehat{\bar C\theta}$ is provable within CRWL, and therefore $f(\bar t) \to \hat t$ by rule 4 of CRWL.

• $\mathcal{P} \vdash_{CRWLF} f(\bar t) \lhd_R \{\mathrm{F}\}$, and we have $\mathcal{P} \vdash_{CRWL} f(\bar t) \to \bot$

• $\mathcal{P} \vdash_{CRWLF} e \bowtie e'$ using rule 9 of CRWLF. Then we will have $\mathcal{P} \vdash_{CRWLF} e \lhd C$, $\mathcal{P} \vdash_{CRWLF} e' \lhd C'$ and there exist $t \in C$, $t' \in C'$ such that $t \downarrow t'$ (by definition of $\downarrow$, it is easy to see that $t = t'$). By i.h. we have $\mathcal{P} \vdash_{CRWL} e \to t$ and $\mathcal{P} \vdash_{CRWL} e' \to t$, and by rule 5 of CRWL we have $\mathcal{P} \vdash_{CRWL} e \bowtie e'$.

• $\mathcal{P} \vdash_{CRWLF} e \Diamond e'$ using rule 10 of CRWLF. Then we will have $\mathcal{P} \vdash_{CRWLF} e \lhd C$, $\mathcal{P} \vdash_{CRWLF} e' \lhd C'$ and there exist $t \in C$, $t' \in C'$ such that $t \uparrow t'$. By definition of $\uparrow$, $t$ and $t'$ have a $DC$-clash. By i.h. we have $\mathcal{P} \vdash_{CRWL} e \to \hat t$ and $\mathcal{P} \vdash_{CRWL} e' \to \hat t'$, and by rule 6 of CRWL we have $\mathcal{P} \vdash_{CRWL} e \Diamond e'$. □

We now state the second lemma for Proposition 4, in which part b) and the left implications of c) and d) will be proved.

Lemma 3

For any $e, e' \in Term_{\bot,F}$:

b) $\mathcal{P} \vdash_{CRWL} e \to t \Rightarrow \exists C$ such that $t \in C$ and $\mathcal{P} \vdash_{CRWLF} e \lhd C$

c) $\mathcal{P} \vdash_{CRWL} e \bowtie e' \Rightarrow \mathcal{P} \vdash_{CRWLF} e \bowtie e'$

d) $\mathcal{P} \vdash_{CRWL} e \Diamond e' \Rightarrow \mathcal{P} \vdash_{CRWLF} e \Diamond e'$

Proof

We prove the three parts simultaneously by induction on the size $l$ of the derivation:

$l = 1$: the derivation can be:

• $\mathcal{P} \vdash_{CRWL} e \to \bot$, and it is clear that $\mathcal{P} \vdash_{CRWLF} e \lhd \{\bot\}$

• $\mathcal{P} \vdash_{CRWL} X \to X$, and it is clear that $\mathcal{P} \vdash_{CRWLF} X \lhd \{X\}$

• $\mathcal{P} \vdash_{CRWL} c \to c$ with $c \in DC^0$, and it is clear that $\mathcal{P} \vdash_{CRWLF} c \lhd \{c\}$

$l \Rightarrow l+1$: the derivation can be of the following four forms:

• $\mathcal{P} \vdash_{CRWL} c(e_1, \ldots, e_n) \to c(t_1, \ldots, t_n)$ by rule 3 of CRWL, and then we have $\mathcal{P} \vdash_{CRWL} e_i \to t_i$ for all $i \in \{1, \ldots, n\}$. By i.h. we have $\mathcal{P} \vdash_{CRWLF} e_i \lhd C_i$ with $t_i \in C_i$, and by rule 3 of CRWLF we have $\mathcal{P} \vdash_{CRWLF} c(e_1, \ldots, e_n) \lhd C$ with $c(t_1, \ldots, t_n) \in C$.

• $\mathcal{P} \vdash_{CRWL} f(e_1, \ldots, e_n) \to t$; then there must exist a rule $R = (f(\bar s) \to e \Leftarrow \bar C) \in \mathcal{P}$ and $\theta \in CSubst_\bot$ such that by rule 4 of CRWL we have the derivation
$$\frac{e_1 \to s_1\theta \quad \ldots \quad e_n \to s_n\theta \quad e\theta \to t \quad \bar C\theta}{f(e_1, \ldots, e_n) \to t}$$
By i.h. we have:

i) there exists $C_i$ such that $\mathcal{P} \vdash_{CRWLF} e_i \lhd C_i$ with $s_i\theta \in C_i$

ii) there exists $C$ such that $\mathcal{P} \vdash_{CRWLF} e\theta \lhd C$ with $t \in C$

iii) $\mathcal{P} \vdash_{CRWLF} \bar C\theta$

From ii) and iii), by rule 6 of CRWLF we can build the derivation $\mathcal{P} \vdash_{CRWLF} f(\bar s\theta) \lhd_R C$ using the c-instance $R\theta$. With this derivation and i) we have $\mathcal{P} \vdash_{CRWLF} f(\bar e) \lhd C'$ such that $C \subseteq C'$, so $t \in C'$.

• $\mathcal{P} \vdash_{CRWL} e \bowtie e'$, using rule 5 of CRWL. It follows that $\mathcal{P} \vdash_{CRWL} e \to t$ and $\mathcal{P} \vdash_{CRWL} e' \to t$ for some $t \in CTerm$. By i.h. $\mathcal{P} \vdash_{CRWLF} e \lhd C$ and $\mathcal{P} \vdash_{CRWLF} e' \lhd C'$ where $t \in C \cap C'$. Taking into account that $t \downarrow t$ for all $t \in CTerm$, by rule 9 of CRWLF we can build a derivation for $\mathcal{P} \vdash_{CRWLF} e \bowtie e'$.

• $\mathcal{P} \vdash_{CRWL} e \Diamond e'$, using rule 6 of CRWL. It follows that $\mathcal{P} \vdash_{CRWL} e \to t$ and $\mathcal{P} \vdash_{CRWL} e' \to t'$ where $t, t' \in CTerm_\bot$ have a $DC$-clash. By i.h. $\mathcal{P} \vdash_{CRWLF} e \lhd C$ and $\mathcal{P} \vdash_{CRWLF} e' \lhd C'$ where $t \in C$ and $t' \in C'$. By definition of $\uparrow$ and by rule 10 of CRWLF we can build a derivation for $\mathcal{P} \vdash_{CRWLF} e \Diamond e'$. □

All the previous results make easy the task of proving that we have done things right with respect to failure. We will need a result stronger than Prop. 4, which does not provide enough information about the relation between the denotation of an expression and each of its calculable SAS's.

Proposition 5

Given $e \in Term_{\bot,F}$, if $\mathcal{P} \vdash_{CRWLF} e \lhd C$ and $\mathcal{P} \vdash_{CRWL} e \to t$, then there exists $s \in C$ such that $s$ and $t$ are consistent.

Proof

Assume $\mathcal{P} \vdash_{CRWLF} e \lhd C$ and $\mathcal{P} \vdash_{CRWL} e \to t$. By part b) of Prop. 4 there exists $C'$ such that $\mathcal{P} \vdash_{CRWLF} e \lhd C'$ with $t \in C'$. By Theorem 1 it follows that $C$ and $C'$ are consistent. By definition of consistent SAS's, as $t \in C'$, there exists $s \in C$ such that $t$ and $s$ are consistent. □

We easily arrive now at our final result.

Theorem 2

Given $e \in Term_{\bot,F}$, if $\mathcal{P} \vdash_{CRWLF} e \lhd \{\mathrm{F}\}$ then $[\![e]\!] = \{\bot\}$.

Proof

Assume $t \in [\![e]\!]$. This means that $\mathcal{P} \vdash_{CRWL} e \to t$, which in particular implies $t \in CTerm_\bot$. On the other hand, since $\mathcal{P} \vdash_{CRWLF} e \lhd \{\mathrm{F}\}$, we know from Prop. 5 that $\mathrm{F}$ and $t$ must be consistent. As $\mathrm{F}$ is consistent only with $\bot$ and itself, and $t \in CTerm_\bot$, we conclude that $t = \bot$. □
7 Final Discussion and Future Work

We have investigated how to deduce negative information from a wide class of functional logic programs. This is done by considering failure of reduction to head normal form, a notion playing a similar role, in the FLP setting, to that of negation as failure in logic programming, but having quite a different starting point. Negation as failure in LP can be seen mainly as an operational idea (existence of a finite, failed search tree) of which a logical interpretation can be given (successful negated atoms are logical consequences of the completion of the program). The operational view of negation leads to an immediate implementation technique for negation included in all Prolog systems: to solve the negation of a goal, try to solve the goal and succeed if this attempt ends in failure. Unfortunately, as is well known, this implementation of negation is logically sound only for ground goals (see e.g. Apt and Bol (1994)).

Our approach has been different: we have given a logical status to failure by proposing the proof calculus CRWLF (Constructor based ReWriting Logic with Failure), which allows to deduce failure of reduction within CRWL (González et al. 1996; González et al. 1999), a well established theoretical framework for FLP.

We must emphasize the fact that CRWLF is not an operational mechanism for executing programs using failure, but a deduction calculus fixing the logical meaning of such programs. Exactly the same happens in (González et al. 1996; González et al. 1999) with the proof calculus of CRWL, which determines the logical meaning of an FLP program, but not its execution. The operational procedure in CRWL is given by a narrowing-based goal solving calculus, which is proved to be sound and complete with respect to the proof calculus. Our idea with CRWLF is to follow a similar path: with the proof calculus as a guide, develop a narrowing-based operational calculus able to compute failures (even in the presence of variables). We are currently working on this issue.

It is nevertheless interesting to comment that the operational approach to failure mentioned at the beginning of the section for the case of Prolog can also be adopted for FLP, leading to a very easy implementation of failure: to evaluate $fails(e)$, try to compute a head normal form of $e$; if this fails, return $true$, otherwise return $false$. This is especially easy to do in systems having a Prolog-based implementation like Curry or TOy. We have checked that all the examples in Section 3 are executable in TOy with this implementation of failure, if the function $fails$ is only applied to ground expressions. For instance, the goal $safe(c) \bowtie T$ succeeds with answer $T = true$, and $safe(a) \bowtie T$ succeeds with answer $T = false$. If $fails$ is applied to expressions with variables, this implementation is unsound. For instance, the goal $safe(X) \bowtie false$ succeeds without binding $X$, which is incorrect. The relationship between this kind of failure and CRWLF is an interesting issue to investigate, but it is out of the scope of this paper.

The most remarkable technical insight in CRWLF has been to replace the statements $e \to t$ of CRWL (representing a single reduction of $e$ to an approximated value $t$) by $e \lhd C$ (representing a whole, somehow complete, set $C$ of approximations to $e$). With the aid of $\lhd$ we have been able to cover all the derivations in CRWL, as well as to prove failure of reduction and, as auxiliary notions, failure of joinability and divergence, the two other kinds of statements that CRWL was able to prove.

The idea of collecting into an SAS values coming from different reductions for a given expression $e$ presents some similarities with abstract interpretation which, within the FLP field, has been used in Bert and Echahed (1995) for detecting unsatisfiability of equations $e = e'$ (something similar to failure of our $e \bowtie e'$). We can mention some differences between our work and Bert and Echahed (1995):

• Programs in Bert and Echahed (1995) are much more restrictive: they must be confluent, terminating, satisfy a property of stratification on conditions, and define strict and total functions.

• In our setting, each SAS for an expression $e$ consists of (down) approximations to the denotation of $e$, and the set of SAS's for $e$ determines in a precise sense (Propositions 4 and 5) the denotation of $e$. In the abstract interpretation approach one typically obtains, for an expression $e$, an abstract term representing a superset of the denotation of all the instances of $e$. But some of the rules of the CRWLF-calculus (like (9) or (10)) are not valid if we replace SAS's by such supersets. To be more concrete, if we adopt an abstract interpretation view of our SAS's, it would be natural to see $\bot$ as standing for the set of all constructor terms (since $\bot$ is refinable to any value), and therefore to identify an SAS like $C = \{\bot, z\}$ with $C' = \{\bot\}$. But from $e \lhd C$ we can deduce $e \bowtie z$, while it is not correct to do the same from $e \lhd C'$. Therefore, the good properties of CRWLF with respect to CRWL are lost.
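The notions this section relies on (the ordering $\sqsubseteq$, consistency of c-terms and of SAS's, the $DC \cup \{\mathrm{F}\}$-clash, and the side condition $t \downarrow t'$ of rule 9) can be made concrete in a small executable model. The following Python is an added example, not code from the paper: it models partial c-terms under the assumed convention that constructor names are lowercase and variable names uppercase, and it reproduces both the $\{\bot, z\}$ versus $\{\bot\}$ observation above and the fact, used in Theorem 2, that $\mathrm{F}$ is consistent only with $\bot$ and itself.

```python
# Added example (not from the paper): an executable model of the partial
# c-terms CTerm_{⊥,F} of CRWLF and of the relations the proofs above use:
# the approximation ordering ⊑, consistency of c-terms and of SASs, the
# DC ∪ {F}-clash of rule 8 and the side condition t ↓ t' of rule 9.
# Assumed conventions: constructor names start lowercase, variable names
# uppercase, "⊥" is the undefined value and "F" the failure constant;
# an SAS is modelled as a Python set of c-terms.
from dataclasses import dataclass
from typing import Optional, Set


@dataclass(frozen=True)
class CT:
    """A partial c-term: a symbol applied to a tuple of argument c-terms."""
    sym: str
    args: tuple = ()


BOT, FAIL = CT("⊥"), CT("F")


def is_var(t: CT) -> bool:
    return t != FAIL and t.sym[0].isupper()


def is_total(t: CT) -> bool:
    """t ∈ CTerm: neither ⊥ nor F occurs anywhere in t."""
    return t not in (BOT, FAIL) and all(is_total(a) for a in t.args)


def leq(t: CT, s: CT) -> bool:
    """Approximation ordering t ⊑ s: ⊥ is below everything, constructors
    (F included) are monotone and otherwise only comparable to themselves."""
    if t == BOT:
        return True
    return (t.sym == s.sym and len(t.args) == len(s.args)
            and all(leq(a, b) for a, b in zip(t.args, s.args)))


def join(t: CT, s: CT) -> Optional[CT]:
    """Least common refinement of t and s under ⊑, or None if none exists."""
    if t == BOT:
        return s
    if s == BOT:
        return t
    if t.sym != s.sym or len(t.args) != len(s.args):
        return None
    args = [join(a, b) for a, b in zip(t.args, s.args)]
    return None if any(a is None for a in args) else CT(t.sym, tuple(args))


def consistent(t: CT, s: CT) -> bool:
    """t and s are consistent iff some c-term refines both of them.
    In particular F is consistent only with ⊥ and with itself."""
    return join(t, s) is not None


def clash(t: CT, s: CT) -> bool:
    """DC ∪ {F}-clash: two different constructor symbols (F counts as one)
    at the same position. ⊥ and variables never produce a clash."""
    if t == BOT or s == BOT or is_var(t) or is_var(s):
        return False
    if t.sym != s.sym:
        return True
    return any(clash(a, b) for a, b in zip(t.args, s.args))


def sas_consistent(c: Set[CT], d: Set[CT]) -> bool:
    """Two SASs are consistent when every member of each one has a
    consistent partner in the other (the notion used in Proposition 5)."""
    return (all(any(consistent(t, s) for s in d) for t in c)
            and all(any(consistent(t, s) for s in c) for t in d))


def joinable(c: Set[CT], d: Set[CT]) -> bool:
    """Side condition of rule 9: some t ∈ C, t' ∈ C' with t ↓ t', i.e.
    t = t' and t is total. {⊥, z} and {z} satisfy it, {⊥} and {z} do not."""
    return any(t == s and is_total(t) for t in c for s in d)
```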

We see our work as a step in the research of a whole framework for dealing with failure in FLP. Some natural future steps are to develop model theoretic and operational semantics for programs making use of failure information. On the practical side, we are currently working on an implementation of failure for the FLP system TOy (López and Sánchez 1999a; Abengózar et al. 2002).